Subject: | |
From: | |
Reply To: | |
Date: | Sun, 24 May 2015 06:52:40 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
The SSL certs on NameP, NameF and NameK have been updated and all my tests
seem to confirm they are working. Verified current signature algorithms
for all the NameX LDAP servers with this nifty command Drew passed on that
he was using to check his web servers:
echo -e ""; for s in namea.its.maine.edu namef.its.maine.edu
namei.its.maine.edu namek.its.maine.edu nameo.its.maine.edu
namep.its.maine.edu namet.its.maine.edu; do echo -e "$s:"; openssl s_client
-connect ${s}:636 </dev/null |& sed -n '/BEGIN CERTIFICATE/,/END
CERTIFICATE/p' | openssl x509 -noout -text |& grep "Signature Algorithm" |
uniq; echo -e ""; done;
namea.its.maine.edu:
Signature Algorithm: sha1WithRSAEncryption
namef.its.maine.edu:
Signature Algorithm: sha256WithRSAEncryption
namei.its.maine.edu:
Signature Algorithm: sha1WithRSAEncryption
namek.its.maine.edu:
Signature Algorithm: sha256WithRSAEncryption
nameo.its.maine.edu:
Signature Algorithm: sha1WithRSAEncryption
namep.its.maine.edu:
Signature Algorithm: sha256WithRSAEncryption
namet.its.maine.edu:
Signature Algorithm: sha256WithRSAEncryption
On Tue, May 19, 2015 at 3:46 PM, Irelann Anderson <[log in to unmask]> wrote:
> SHA1 signed SSL certificates are being deprecated and we need to upgrade
> all such certificates to SHA2.
>
> We are planning to upgrade the SSL certs on NameP, NameK, and NameF one at
> a time during the maintenance window on Sunday May 24th starting at 6AM.
> We should be done by 6:30.
>
> If all goes well, we plan to upgrade the SSL certs on NameO, NameA and
> NameI during the maintenance window on Wednesday morning May 27th at 6AM.
> We should be done by 6:30.
>
> The LDAP servers on LDAP-B, LDAP-Master and NameT have already been done.
>
> MOST software should not be affected by the change, but we have seen
> software that requires attention when SSL certificates change. Some that
> even requires the certificate and its intermediates be downloaded ahead of
> time. If you are running such software, contact me by email and I can
> send you the certificate and intrmediates for the LDAP server(s) you are
> using.
>
> --
> Irelann Kerry Anderson phone: (207)561-3508
> Systems and Operations
> Information Technology Services
> University of Maine System
> 5752 Neville Hall
> Orono, Maine 04469-5752
>
--
Irelann Kerry Anderson phone: (207)561-3508
Systems and Operations
Information Technology Services
University of Maine System
5752 Neville Hall
Orono, Maine 04469-5752
|
|
|