That sha2 upgrade


rsa2Months later after writing this (my blog) The monkeys houses web email stopped working i eventually reckoned wrongly as it turns out that the postfix tls was bad so if I was to fix it i could also need the reissue sha1 to sha256 for everything else.  After all its better and in rating things its preferred.

The upgrade was not too bad once i had the right place to find the option and with some clicks down came the cert.

Quays (my blog) gave me no bonus points for the web server better protocol but then i am chill with a-.  However despite sha256 i still get the yellow triangle of doom in google chrome which i assume is down to the appended sha256 and the original sha1 signatures still being in place.  hpkp (my blog) does not need altering the has remains the same

Cannot win it seems.  I suppose i wait for google-chrome to prefer sha256 over sha1, or cancel the certificate and do it sha256 only.  Too much bother.  Chromium the open source version can handle it. – go figure

The mail issue was tracked down to an unrelated security setting but in apache instead, but that is a tale for another day.

One response

  1. Pingback: Google Chrome browser gets an sha256 tls fix. | Bananas in the Falklands

by golly but...

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.