[tech] secure.ucc certificate expiry
David Adam
zanchey at ucc.gu.uwa.edu.au
Wed Jun 3 11:31:41 AWST 2015
On Wed, 3 Jun 2015, David Adam wrote:
> The TLS certificate for secure.ucc.asn.au (not *.ucc.asn.au) has expired
> (on May 11, 2015). We use the wildcard cert pretty much everywhere -
> HTTPS, IMAPS, SMTPS, RDP to Maaxen - but not the IPsec VPN, because
> StrongSwan doesn't support wildcards. The domain used for the VPN needs to
> be listed on the certificate as a subjectAltName, which on the wildcard
> cert is 'ucc.asn.au' as well as '*.ucc.asn.au'.
>
> At the moment I've changed the VPN to use 'ucc.asn.au' instead of
> 'secure.ucc.asn.au' (with appropriate firewall mangling), but I wonder if
> we could look at getting a few defined subjectAltNames added to our
> certificate. I don't think it's really worth renewing a separate
> certificate just for IPsec. Who looks after the wildcard certificate?

I found the login details (they're in uccpass now) but getting
subjectAltNames for wildcard certificates rapidly gets crazy expensive. I
went ahead and bought a PositiveSSL certificate for 'secure.ucc.asn.au'
(login details also in uccpass).

Bring on the death of the TLS "industry".

David Adam
zanchey at ucc.gu.uwa.edu.au
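
Added example, not part of the original message and not strongSwan's code: a sketch of why the wildcard certificate serves HTTPS-style clients for 'secure.ucc.asn.au' but only the literal 'ucc.asn.au' entry satisfies a peer that compares names exactly. The exact-only policy is an assumption modelling the behaviour the message describes; the function names and the third test name are hypothetical.

```python
# SAN entries the message gives for the wildcard certificate.
WILDCARD_CERT_SANS = ["ucc.asn.au", "*.ucc.asn.au"]


def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    return name.lower().rstrip(".").split(".")


def tls_match(hostname, san):
    """HTTPS-style matching: '*' may stand for the whole left-most label only."""
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False  # a wildcard covers exactly one label, never zero or two
    if pattern[0] == "*":
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def exact_match(identity, san):
    """Literal comparison: a '*' entry is treated as ordinary text."""
    return _labels(identity) == _labels(san)


def audit(names, sans):
    """Return {name: (accepted_with_wildcards, accepted_exact_only)}."""
    return {
        n: (any(tls_match(n, s) for s in sans),
            any(exact_match(n, s) for s in sans))
        for n in names
    }


if __name__ == "__main__":
    # Constructed list of names to check; only the first two appear in the message.
    for name, (tls_ok, exact_ok) in audit(
        ["secure.ucc.asn.au", "ucc.asn.au", "a.b.ucc.asn.au"], WILDCARD_CERT_SANS
    ).items():
        print(f"{name:20} wildcard-aware={tls_ok!s:5} exact-only={exact_ok}")
```

Any name that comes back accepted only under the wildcard-aware policy needs either its own certificate or an explicit subjectAltName before an exact-matching peer will take it.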