LISTSERV - NETANN-L Archives

NETANN-L Archives

- NETANN-L - Networkmaine Network Announcement List

NETANN-L@LISTS.MAINE.EDU

	LISTSERV Archives
	NETANN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: We will be updating the SSL certificates on the LDAP servers to SHA2
From:	Irelann Anderson <[log in to unmask]>
Reply To:	- NETANN-L - Networkmaine Network Announcement List <[log in to unmask]>
Date:	Sun, 24 May 2015 06:52:40 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (75 lines)

The SSL certs on NameP, NameF and NameK have been updated and all my tests
seem to confirm they are working.  Verified current signature algorithms
for all the NameX LDAP servers with this nifty command Drew passed on that
he was using to check his web servers:

echo -e ""; for s in namea.its.maine.edu namef.its.maine.edu
namei.its.maine.edu namek.its.maine.edu nameo.its.maine.edu
namep.its.maine.edu namet.its.maine.edu; do echo -e "$s:"; openssl s_client
-connect ${s}:636 </dev/null |& sed -n '/BEGIN CERTIFICATE/,/END
CERTIFICATE/p' | openssl x509 -noout -text |& grep "Signature Algorithm" |
uniq; echo -e ""; done;

namea.its.maine.edu:
    Signature Algorithm: sha1WithRSAEncryption

namef.its.maine.edu:
    Signature Algorithm: sha256WithRSAEncryption

namei.its.maine.edu:
    Signature Algorithm: sha1WithRSAEncryption

namek.its.maine.edu:
    Signature Algorithm: sha256WithRSAEncryption

nameo.its.maine.edu:
    Signature Algorithm: sha1WithRSAEncryption

namep.its.maine.edu:
    Signature Algorithm: sha256WithRSAEncryption

namet.its.maine.edu:
    Signature Algorithm: sha256WithRSAEncryption


On Tue, May 19, 2015 at 3:46 PM, Irelann Anderson <[log in to unmask]> wrote:

> SHA1 signed SSL certificates are being deprecated and we need to upgrade
> all such certificates to SHA2.
>
> We are planning to upgrade the SSL certs on NameP, NameK, and NameF one at
> a time during the maintenance window on Sunday May 24th starting at 6AM.
>  We should be done by 6:30.
>
> If all goes well, we plan to upgrade the SSL certs on NameO, NameA and
> NameI during the maintenance window on Wednesday morning May 27th at 6AM.
> We should be done by 6:30.
>
> The LDAP servers on LDAP-B, LDAP-Master and NameT have already been done.
>
> MOST software should not be affected by the change, but we have seen
> software that requires attention when SSL certificates change.   Some that
> even requires the certificate and its intermediates be downloaded ahead of
> time.   If you are running such software, contact me by email and I can
> send you the certificate and intrmediates for the LDAP server(s) you are
> using.
>
> --
> Irelann Kerry Anderson          phone:    (207)561-3508
> Systems and Operations
> Information Technology Services
> University of Maine System
> 5752 Neville Hall
> Orono, Maine 04469-5752
>



-- 
Irelann Kerry Anderson          phone:    (207)561-3508
Systems and Operations
Information Technology Services
University of Maine System
5752 Neville Hall
Orono, Maine 04469-5752

ATOM RSS1 RSS2

LISTS.MAINE.EDU