SSL Cert request
  • Mostly I guess this is for Ben, but maybe for folks running your own servers...

    Any chance a future version will let us set a different SSL key location? All of the new browsers are starting to complain about strict transport security and certs that don't have the same host name, and recently FireFox won't let you add an exception (which I find annoying, but that's a different rant). Soooo... I have a cert for ferrellmac, and I run a bunch of servers on that NAT address. I have successfully installed this cert in my SecuritySpy directory (so thanks for the good instructions there), but would really like to just have one copy of my certs on my NAS, and have all of my Apache instances reference that (especially with LetsEncrypt certs expiring every 30 days!). Any hope to get this added?

    Brett
  • Hi Brett, this is an interesting idea, and I see the utility, but it's not trivial to implement, requiring significant UI modification. Also SecuritySpy relies on having ready access to these certificates locally. I think the best thing for you to do would be to write a script (bash script or AppleScript) that copies over these certificates from your NAS, renaming them as necessary. Then you can use cron to schedule the script to run every day. If you need help implementing this please let me know.
  • I would suggest a wildcard cert from cheapssls.com or similar broker site instead of LetsEncrypt. It’s generally around $95/yr (USD) when paying per year and cheaper when paying multiple years. And much less administrative overhead with scripting and system modifications. Especially for the number of systems mentioned above.
  • Yea, I got a wildcard cert, and I can write the script, was just hoping. :-)

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!