SSL certificate

Topic Author
Tealc
ForumHelper
Posts: 238
Joined: Tue Jan 28, 2014 12:38 am

Post by Tealc » Wed Mar 12, 2014 12:12 pm

Good morning to you all, just a small question: where did you buy the SSL certificate for this forum and the main site? I'm currently searching for some sales certificate for my https server and I can't find one that my Chrome browser on Android doesn't say is not safe; yours works very well...


Thank you

DesuStrike
ForumHelper
Posts: 287
Joined: Thu Oct 24, 2013 2:37 pm

Re: SSL certificate

Post by DesuStrike » Wed Mar 12, 2014 12:15 pm

http://ssl.comodo.com/

I for one would always use a self-created, self-signed certificate over a commercial one, but then again you want to get no SSL warnings and this can only be achieved by using a "trusted" certificate authority to sign your keys. So you pretty much have no choice.

Cheers!
home is where the artillery hits

Topic Author
Tealc
ForumHelper
Posts: 238
Joined: Tue Jan 28, 2014 12:38 am

Re: SSL certificate

Post by Tealc » Wed Mar 12, 2014 12:29 pm

Hi. Thank you for your fast reply. One more question: do you know what type you bought? Was it the 67 euros a year or something more expensive?

DesuStrike
ForumHelper
Posts: 287
Joined: Thu Oct 24, 2013 2:37 pm

Re: SSL certificate

Post by DesuStrike » Wed Mar 12, 2014 6:02 pm

I'm sorry but I unfortunately can't answer that question.
I'm just a normal community member like you are but with a fancy colored name and two or three moderation powers. ;)

I simply read the issuing CA from the certificate. A staffer will have to specify what service in particular was bought from Comodo though.
home is where the artillery hits

marzametal
Posts: 432
Joined: Mon Aug 05, 2013 11:39 am

Re: SSL certificate

Post by marzametal » Thu Mar 13, 2014 11:37 am

I was wondering why the cert details mentioned Comodo...

DesuStrike
ForumHelper
Posts: 287
Joined: Thu Oct 24, 2013 2:37 pm

Re: SSL certificate

Post by DesuStrike » Thu Mar 13, 2014 3:44 pm

I wouldn't pay too much attention to this detail anyways. The whole CA model of SSL is broken way beyond any repair.
In my opinion it's more dangerous to use a certificate issued and trusted by a CA than just using your own signed certificate. The only problem is that browsers will give people a warning message and this confuses non tech-savvy people.

I won't go any further into detail because it's just a really messy topic with tons of quirks and problems around every corner. So all I will say is the following:
If you have a server that is used by lots of strangers, I'd go for a CA issued certificate so nobody gets confused.
If you have a server just for yourself, create your own certificate and add it to your trusted cert list. You will save yourself a lot of money.
home is where the artillery hits

Topic Author
Tealc
ForumHelper
Posts: 238
Joined: Tue Jan 28, 2014 12:38 am

Re: SSL certificate

Post by Tealc » Fri Mar 21, 2014 12:19 pm

@DesuStrike I see your point, and some time ago I only used self-signed certificates. The problem is that recently I've added an ownCloud server, and their sync apps (Windows, Android and iPhone) keep constantly checking if the certificate is valid, and if it's not they give an error to accept and memorize, but it doesn't memorize, so it just keeps giving that error every time I try to upload or download a file, and that's quite annoying....

That's why I must use a CA like this one in the forum, but the big problem to me is that I've tried their 90 days test and my Android device keeps giving the error. Another problem is that you're obligated to pay by credit card or PayPal, and I just refuse to use my credit card online even if it's on a "trusted" site.

My question is: Do you know of a way to add self-signed CAs correctly to an Android device?

Thank you very much for your patience and understanding.

DesuStrike
ForumHelper
Posts: 287
Joined: Thu Oct 24, 2013 2:37 pm

Re: SSL certificate

Post by DesuStrike » Sat Mar 22, 2014 3:54 am

huh. Afaik only davDroid is being a dick in not allowing to permanently add self signed certs. Any other ownCloud application, especially those directly from ownCloud do memorize the certs perfectly fine.
If they don't do so I would consider checking your cert fingerprints if they change. If yes: Big problem!
I mean... eh... Do I understand you right: You say ALL apps, no matter what OS do this? Sounds very strange to me. This would be the moment I go into full paranoid mode and check if something or somebody is either changing my certs or intercepting my requests.

If not, it's some bug I don't know how to fix. Your ownCloud apps really should memorize your certificate. Adding your own CA certs to android is a pain in the ass and I never got it to work in that way that a davDroid would accept it. So either I did it wrong or just that one app is just garbage.
Either way I can't help you really. This is something for an Android expert to answer.

PS: davDroid really just serves as an example here.
home is where the artillery hits

Topic Author
Tealc
ForumHelper
Posts: 238
Joined: Tue Jan 28, 2014 12:38 am

Re: SSL certificate

Post by Tealc » Wed Mar 26, 2014 11:33 pm

So I've RTFM and found the problem....

I manage my server with Webmin 1.680 and in the config option for the Apache server in the SSL virtual host, there is no place for a simple "code" that doesn't get the "chain" added to make the certificate trusted.....

After a couple of hours I found that it was better to do everything in the terminal, so I followed https://support.comodo.com/index.php?_m ... gconfirm=1 and the difference between this method and the Webmin method was the line

 SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca-bundle

After I added this, it started to work with the ownCloud app on both Windows and Android....

So it seems it was my problem not the server LOL

Thank you very much to everyone who replied to this topic
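
The failure described in the post above (clients rejecting a CA-issued certificate until `SSLCertificateChainFile` was set) can be reproduced offline; this is an added example, not code from the thread or from cryptostorm. It builds a constructed root -> intermediate -> server chain with throwaway keys (the names `Demo Root CA`, `cloud.example.test` and all helper functions are made up for illustration) and verifies the server certificate with and without the intermediate that the chain file supplies.

```shell
#!/bin/sh
# Added example: every key, name and path here is a constructed throwaway value.
# issue_cert DIR NAME CN ISSUER EXT: create key + CSR, then sign it with ISSUER's key.
issue_cert() {
    openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" \
        -CAcreateserial -days 2 -extfile "$1/demo.cnf" -extensions "$5" \
        -out "$1/$2.crt" >/dev/null 2>&1
}
# make_demo_pki DIR: root CA -> intermediate CA -> server certificate.
make_demo_pki() {
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
EOF
    # The root stands in for the CA root already present in the client's trust store.
    openssl req -x509 -config "$1/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 2 -subj "/CN=Demo Root CA" -keyout "$1/root.key" \
        -out "$1/root.crt" >/dev/null 2>&1 || return 1
    issue_cert "$1" int "Demo Intermediate CA" root v3_ca || return 1
    issue_cert "$1" server "cloud.example.test" int v3_leaf
}
# chain_verifies ROOT SERVER [INTERMEDIATE]
# Returns 0 if SERVER chains up to ROOT using only the certificates supplied.
# INTERMEDIATE plays the role of what SSLCertificateChainFile makes Apache send.
chain_verifies() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}
demo() {
    tmp=$(mktemp -d) && make_demo_pki "$tmp" || return 1
    chain_verifies "$tmp/root.crt" "$tmp/server.crt" || echo "leaf only: rejected"
    chain_verifies "$tmp/root.crt" "$tmp/server.crt" "$tmp/int.crt" \
        && echo "leaf + chain: accepted"
    rm -rf "$tmp"
}
demo
```

Against a live server, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends. Since Apache 2.4.8 `SSLCertificateChainFile` is obsolete and the intermediates are placed in the `SSLCertificateFile` after the server certificate.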


dieting
Posts: 1
Joined: Tue Dec 30, 2014 6:03 pm

Re: SSL certificate

Post by dieting » Tue Dec 30, 2014 6:07 pm

If they don't do so I would consider checking your cert fingerprints if they change. If yes: Big problem!
I mean... eh... Do I understand you right: You say ALL apps, no matter what OS do this? Sounds very strange to me. This would be the moment I go into full paranoid mode and check if something or somebody is either changing my certs or intercepting my requests.??
