Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: stephdl on July 03, 2014, 09:14:29 PM

Title: smeserver-certificate : need tests
Post by: stephdl on July 03, 2014, 09:14:29 PM

Hi all

I have a new little contrib to test before to be released and further more I'm not really aware on  SSL certificate concept, so I need surely your Advices.
http://mirror.de-labrusse.fr/Sme-Server/smeserver-certificate/

The purpose is to offer a contrib to write the key, the crt and the chain.pem if needed (SSL intermediate chain certificate). Only for sme9 yet

If you make a mistake on the certificate, the webserver may crash, simply do in a root terminal  signal-event certificate-revert to revert to the sme original certificate.
In the server manager if you want to get back to the sme certificate, simply blank all fields and save.

You could advice on wording and new features if they lack (I mean the use of CommonName by example)

Code: [Select]

wget http://mirror.de-labrusse.fr/Sme-Server/smeserver-certificate/smeserver-certificate-0.0.3-1.el6.sme.noarch.rpm
yum install smeserver-certificate-0.0.3-1.el6.sme.noarch
signal-event console-save
Each time you press Save, the web server is restarted so you may need to load again the page (F5 or ctrl+F5) and look about the SSL certificate displayed by your browser

Title: Re: smeserver-certificate : need tests
Post by: stephdl on August 03, 2014, 06:35:26 PM

released in my repository, both for sme8 and sme9 http://wiki.contribs.org/Certificate_ssl_management

Title: Re: smeserver-certificate : need tests
Post by: stiperstones on August 27, 2014, 10:13:49 AM

And here is a site to test your new certificate out on

SSL Server Test (https://www.ssllabs.com/ssltest)

Title: Re: smeserver-certificate : need tests
Post by: stephdl on August 27, 2014, 12:23:46 PM

You should add it to the relevant wiki page

Title: Re: smeserver-certificate : need tests
Post by: stiperstones on August 27, 2014, 03:33:49 PM

Will do later

Title: Re: smeserver-certificate : need tests
Post by: brianr on August 27, 2014, 04:15:04 PM

Quote from: stiperstones on August 27, 2014, 03:33:49 PM

Will do later

I've done it for you - feel free to edit it:

http://wiki.contribs.org/Certificate_ssl_management#Testing

Title: Re: smeserver-certificate : need tests
Post by: stiperstones on August 27, 2014, 08:19:34 PM

Thanks Brain that's great

Title: Re: smeserver-certificate : need tests
Post by: Fumetto on August 28, 2014, 07:57:41 PM

Test one SME 8.1 full updated, I have this return:

Quote

This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224), but probably not exploitable.

Should I be concerned?

Title: Re: smeserver-certificate : need tests
Post by: stephdl on August 28, 2014, 09:24:47 PM

maybe tied http://bugs.contribs.org/show_bug.cgi?id=8539

Title: Re: smeserver-certificate : need tests
Post by: CharlieBrady on August 28, 2014, 09:32:42 PM

Quote from: Fumetto on August 28, 2014, 07:57:41 PM

Test one SME 8.1 full updated, I have this return:Should I be concerned?

If you have any concerns (which clearly you do) you should open a bug report (check 'security' in the form).

Title: Re: smeserver-certificate : need tests
Post by: CharlieBrady on August 28, 2014, 09:33:43 PM

Quote from: stephdl on August 28, 2014, 09:24:47 PM

maybe tied http://bugs.contribs.org/show_bug.cgi?id=8539

PHP bugs couldn't cause a security concern with openssl handshakes. So, no.

Title: Re: smeserver-certificate : need tests
Post by: Fumetto on August 28, 2014, 10:20:06 PM

Quote from: CharlieBrady on August 28, 2014, 09:32:42 PM

If you have any concerns (which clearly you do) you should open a bug report (check 'security' in the form).

Thanks for the suggestion, in fact, is perhaps the best thing to do
http://bugs.contribs.org/show_bug.cgi?id=8545