[tech] UCC wildcard certificate

David Adam zanchey at ucc.gu.uwa.edu.au
Thu Nov 5 23:17:44 AWST 2015


On Thu, 5 Nov 2015, Matt Johnston wrote:
> >> On Wed 4/11/2015, at 10:09 am, David Adam <zanchey at ucc.gu.uwa.edu.au> wrote:
> >> 
> >> Alternatively, we could just turn HTTPS off for subdomains. We've got a 
> >> cert for secure.ucc.asn.au that's good until 2018. I didn't put HSTS on my 
> >> domain ;-)
> 
> I've set up letsencrypt certificates for https www.ucc.asn.au, 
> ucc.asn.au and matt.ucc.asn.au (those were the ones I submitted with 
> their beta). https secure.ucc has gone back to using the comodo 
> certificate expiring in 2018. You put multiple "sslcertificatefile"/key 
> lines for different virtualhosts in Apache's config it seems to 
> magically figure it which cert to use. Other user webspace certificates 
> expires on 11 November. Once letsencrypt is generally available I'll get 
> certs for all subdomains again - looking at the web logs there's seems 
> to be only accidental traffic to other domains (apart from zanchey.ucc).
> 
> I've switched postfix and dovecot (SMTP and IMAP) back to the 2018 
> secure.ucc certificate. I guess wifi or something else might also need 
> attention?

Wifi uses the UCC CA certificates, as does LDAP.

Maaxen has the wildcard certificate installed for its RDP server; can just 
go back to the self-signed cert for now.

[DAA]


More information about the tech mailing list