kamar web portal https
187 views
Skip to first unread message
Craig Knights
May 25, 2017, 8:10:18 PM5/25/17
to techies-f...@googlegroups.com
Hi,
We'd like to make our Kamar web portal https
I'm looking for recommendations on who to buy one from. I've never purchased one before.
Our school website is already, but that was done by the site builders / hosts
Domainz? GoDaddy?
thanks,
Craig
Craig
J B
May 25, 2017, 8:25:20 PM5/25/17
to techies-f...@googlegroups.com
We have used these people as they were cheap but decently supported across devices.
From: techies-f...@googlegroups.com <techies-f...@googlegroups.com> on behalf of Craig Knights <craig....@gmail.com>
Sent: Friday, May 26, 2017 12:10:16 PM
To: techies-f...@googlegroups.com
Subject: [techies-for-schools] kamar web portal https
Sent: Friday, May 26, 2017 12:10:16 PM
To: techies-f...@googlegroups.com
Subject: [techies-for-schools] kamar web portal https
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Kent
May 25, 2017, 8:26:31 PM5/25/17
to techies-f...@googlegroups.com
Hi Craig,
There are a number of options - with different pricing ranges too.
https://www.rapidssl.com/buy-ssl/ (a reseller for geotrust certificates)
Just make sure it's using SHA256 / 2048bit or higher. If you don't, then some browsers (eg. Google) will report that it's only semi secure.
It may be worthwhile contacting the site builders, as they may be able to supply a sub-domain to your current certificate (assuming it's for your school domain).
If you are just protecting the web portal, then you only need a single domain SSL certificate (which is the cheaper option).
Alternatively, you can get a wildcard certificate *.name.school.nz which means you can use it on any server within your domain - but these are considerably more expensive.
cheers
Kent.
Julian Davison
May 25, 2017, 8:27:15 PM5/25/17
to techies-f...@googlegroups.com
If you're feeling particularly cheap, and run your own server for it, you can always consider https://letsencrypt.org/ :)
On Fri, May 26, 2017 at 12:25 PM, J B <sensat...@hotmail.com> wrote:
We have used these people as they were cheap but decently supported across devices.
From: techies-for-schools@googlegroups.com <techies-for-schools@googlegroups.com> on behalf of Craig Knights <craig....@gmail.com>
Sent: Friday, May 26, 2017 12:10:16 PM
Subject: [techies-for-schools] kamar web portal https
Hi,--
We'd like to make our Kamar web portal https
I'm looking for recommendations on who to buy one from. I've never purchased one before.
Our school website is already, but that was done by the site builders / hosts
Domainz? GoDaddy?
thanks,
Craig
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
Nick Steenson
May 25, 2017, 8:27:54 PM5/25/17
to techies-f...@googlegroups.com
If you're looking for cheap...
I use it on all of my Apache servers, and have had success on using it for IIS/Windows servers, BUT not for the web portal... Yet. I'll try it again next week most likely.
Nick
On 26 May 2017 at 12:25, J B <sensat...@hotmail.com> wrote:
We have used these people as they were cheap but decently supported across devices.
From: techies-for-schools@googlegroups.com <techies-for-schools@googlegroups.com> on behalf of Craig Knights <craig....@gmail.com>
Sent: Friday, May 26, 2017 12:10:16 PM
Subject: [techies-for-schools] kamar web portal https
Hi,--
We'd like to make our Kamar web portal https
I'm looking for recommendations on who to buy one from. I've never purchased one before.
Our school website is already, but that was done by the site builders / hosts
Domainz? GoDaddy?
thanks,
Craig
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
 |
| ||||||||||||
trevor storr
May 25, 2017, 8:37:51 PM5/25/17
to techies-f...@googlegroups.com
letsencrypt - used here to really easy and free
On Fri, May 26, 2017 at 12:27 PM, Nick Steenson <stee...@mtaspiring.school.nz> wrote:
If you're looking for cheap...I use it on all of my Apache servers, and have had success on using it for IIS/Windows servers, BUT not for the web portal... Yet. I'll try it again next week most likely.Nick
On 26 May 2017 at 12:25, J B <sensat...@hotmail.com> wrote:
We have used these people as they were cheap but decently supported across devices.
From: techies-for-schools@googlegroups.com <techies-for-schools@googlegroups.com> on behalf of Craig Knights <craig....@gmail.com>
Sent: Friday, May 26, 2017 12:10:16 PM
To: techies-for-schools@googlegroups.com
Subject: [techies-for-schools] kamar web portal https
Hi,--
We'd like to make our Kamar web portal https
I'm looking for recommendations on who to buy one from. I've never purchased one before.
Our school website is already, but that was done by the site builders / hosts
Domainz? GoDaddy?
thanks,
Craig
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
--
Nick Steenson ICT Technician Mt Aspiring College p: +643 443 0463 (Ext 830) a: Plantation Rd, Wanaka 9305 e: stee...@mtaspiring.school.nz
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
cheers
Trevor
Trevor
Simon Wright
May 25, 2017, 8:38:56 PM5/25/17
to techies-f...@googlegroups.com
We use GoDaddy Wildcard OV Deluxe SSL cert for *.obhs.school.nz. Pricing isn't bad when compared to the likes of Symantec.
Haven't had any issues with it thus far
Regards
Simon Wright
ICT Manager
 | |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
On 26 May 2017 at 12:27, Nick Steenson <stee...@mtaspiring.school.nz> wrote:
If you're looking for cheap...I use it on all of my Apache servers, and have had success on using it for IIS/Windows servers, BUT not for the web portal... Yet. I'll try it again next week most likely.Nick
On 26 May 2017 at 12:25, J B <sensat...@hotmail.com> wrote:
We have used these people as they were cheap but decently supported across devices.
From: techies-for-schools@googlegroups.com <techies-for-schools@googlegroups.com> on behalf of Craig Knights <craig....@gmail.com>
Sent: Friday, May 26, 2017 12:10:16 PM
To: techies-for-schools@googlegroups.com
Subject: [techies-for-schools] kamar web portal https
Hi,--
We'd like to make our Kamar web portal https
I'm looking for recommendations on who to buy one from. I've never purchased one before.
Our school website is already, but that was done by the site builders / hosts
Domainz? GoDaddy?
thanks,
Craig
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
--
Nick Steenson ICT Technician Mt Aspiring College p: +643 443 0463 (Ext 830) a: Plantation Rd, Wanaka 9305 e: stee...@mtaspiring.school.nz
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
Mike Etheridge
May 25, 2017, 8:41:36 PM5/25/17
to techies-f...@googlegroups.com
Are this wildcard certs good for next level domains, like
or only
and
?
Mike
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
Julian Davison
May 25, 2017, 8:43:19 PM5/25/17
to techies-f...@googlegroups.com
Single level, so only the last two.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Simon Wright
May 25, 2017, 8:48:38 PM5/25/17
to techies-f...@googlegroups.com
What kind of odd sub domain names are you thinking of having?
Julian is probably correct, but i can test it.
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Julian Davison
May 25, 2017, 8:51:21 PM5/25/17
to techies-f...@googlegroups.com
It used to be the case, it was the first question I asked about wildcard domains.
At the time, looking to use something like
for staff.cbhs.school.nz, student.cbhs.school.nz and conceivably www.staff.cbhs.school.nz, portal.staff.cbhs.school.nz
Simon Wright
May 25, 2017, 8:58:53 PM5/25/17
to techies-f...@googlegroups.com
ok, ive added foo.bar to my domain registry and should come live in the next zone build at 1 pm.
Ive added site foo.bar.obhs.school.nz to my iis with a boiler plate html page. its setup for both http and https.
Now we pay the waiting game
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
Simon Wright
May 25, 2017, 9:01:34 PM5/25/17
to techies-f...@googlegroups.com
just tried it internally, no go...
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
Mike Etheridge
May 25, 2017, 9:24:51 PM5/25/17
to techies-f...@googlegroups.com
OK, that saves a lot of messing about trying to get a definitive answer. Nothing like an actual test. Cheers.
Mike
On 26/05/2017, at 1:00 PM, Simon Wright <simon....@obhs.school.nz> wrote:
just tried it internally, no go...
<image.png>
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
Kent
May 25, 2017, 9:31:52 PM5/25/17
to techies-f...@googlegroups.com
When you get a wildcard cert, you normally get the parent obhs.school.nz and also the wildcard for *.obhs.school.nz
This doesn't cover *.something.obhs.school.nz. You would need to get a wildcard for something.obhs.school.nz if you wanted to do that.
Kent.
Simon Wright
May 25, 2017, 9:39:52 PM5/25/17
to techies-f...@googlegroups.com
Can someone see if you go to https://foo.bar.obhs.school.nz and click continue after the cert warning if you end up seeing my foobar page.
I just tried it on my phone, so outside our network and weirdly it redirected me to achieve.org.nz
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Julian Davison
May 25, 2017, 9:40:54 PM5/25/17
to techies-f...@googlegroups.com
I was being redirected to achieve.org.nz, I assumed there was some DNS that hadn't fully updated...
I enjoyed the Firebrand 404 page, tho :)
Nick Steenson
May 25, 2017, 9:41:09 PM5/25/17
to techies-f...@googlegroups.com
Simon Wright
May 25, 2017, 9:45:10 PM5/25/17
to techies-f...@googlegroups.com
That is weird. May sorted itself out after a few more zone builds and propagation
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
Craig Knights
May 25, 2017, 9:46:27 PM5/25/17
to techies-f...@googlegroups.com
I got NET::ERR_CERT_COMMON_NAME_INVALID
Mike Etheridge
May 25, 2017, 11:22:42 PM5/25/17
to techies-f...@googlegroups.com
Got warning for insecure connection. Resolved ok once I added security exception, but I guess that answers the question.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
Jake Wills
May 27, 2017, 12:43:20 AM5/27/17
to Techies for schools
I know I'm late to the party... but there is an unofficial letsencrypt client for IIS as well which we use for our portal
More details can be found here: https://github.com/Lone-Coder/letsencrypt-win-simple/wiki
Can't go past a free certificate... you just run the client, answer some questions and leave it to auto-renew as needed.
Pete Mundy
May 29, 2017, 5:15:56 AM5/29/17
to techies-f...@googlegroups.com
Hi Craig
Just an off-the-cuff suggestion of different approach to achieving the same goal which you may not have thought of: put your existing portal behind Cloudflare's free-tier CDN (www.cloudflare.com).
They can use http to connect to you, and you then firewall inbound connections so they can only come from CF's proxies. The end users all see HTTPS and the certificate is theirs.
Total cost = nothing!
Plus you get IPv6 exposure thrown in for free, even when your existing host is IPv4 only :)
Pete
Craig Knights
May 29, 2017, 5:25:56 AM5/29/17
to techies-f...@googlegroups.com
the thing is, and I expect to be told otherwise, and I didnt check this, my boss asked for it, we need https to let us enable the parents-can-change-own-kamar-password-to-something-stupid feature.
all done today anyway, using a godaddy cert. we paid for a year long wildcard cert, I'll look at the free options before that renews. my boss wanted it done super quick... so a paid cert it was.
thanks,
Craig
Landyn Frisby
May 29, 2017, 4:37:35 PM5/29/17
to Techies for schools
We use letsencrypt on IIS, it auto renews - was painless to setup.
I also recommend checking over your server with https://www.ssllabs.com/ssltest/
Once it has finished your report, it lets you know any vulnerabilities - and how to patch them.
Kind Regards
Landyn Frisby
James Hargest College
Daniel Lewis
May 29, 2017, 5:28:30 PM5/29/17
to Techies for schools
We were with GoDaddy, but there costs went up considerably when I went to renew. We are now using a RapidSSL/Geotrust wildcard we purchased through trustico.co.nz.
Using trustico meant I could have accounts direct deposit NZ$ into a NZ account rather than using a CC.
Tracy Briscoe
May 29, 2017, 5:41:30 PM5/29/17
to techies-f...@googlegroups.com
Hi Pete
This sounds like a very bad idea.
You’re giving the end user the appearance that traffic to your web server is secure, when in fact it is not.
User >---[ Encrypted over public Internet :-) ]--------> Cloudflare >--- [ Unencrypted over public Internet :-( ]----> onsite webserver.
As UFB is using GPON, anyone with some technical nous on the same fibre circuit as the school, could in theory capture the unencrypted traffic destined to the school.
Regards,
Mr Tracy Briscoe
Network Engineer
St Peter's School, Cambridge, New Zealand
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Note: This communication may contain privileged and confidential information intended only for the addressee named above. Any views or opinions presented are solely those of the author. If you have received this message in error, we request you delete the message and notify the sender. Please do not distribute, copy or disclose any information. This e-mail has been scanned for viruses but all liability for viruses or similar in any attachment or message is excluded.
St Peter's School, Cambridge, New Zealand
Telephone: 647 827 9899 Fax: 647 827 9812
Website: www.stpeters.school.nz
Please consider the environment before printing this email
Pete Mundy
May 29, 2017, 6:30:55 PM5/29/17
to techies-f...@googlegroups.com
Heya Tracy
You are of course quite technically correct! Although I'd point out that there are a fair few N4L connections down this way don't actually use UFB circuits (ie UFB-project funded fibre connections from LFCs such as Chorus) for the last mile connection.
Also, between N4L and CloudFlare, the 'public internet' part is only the APE peering fabric and switches (the traffic never traverses any transit providers in-between), so it's not very accessible or public unless other than to the APE provider (Citylink). Given that almost all of the links in the HTTP-only chain are on private networks that we should be able to trust, I figured the risk wasn't that high :)
But since it's a very fair and valid point, one option to address it would be change the school<->CF link to using https with a (free) self-signed certificate. CF will proxy to your server without complaining about the certificate between you and them (if you configure their portal to do so), and then use their own certificate for the connections from the public-internet clients.
Pete
----
Did you know you can encrypt your emails to me using GPG tools? https://gpgtools.org
My public-key is available at: https://fiberphone.co.nz/petes-public-key.asc
It's fingerprint is: D983 810E 9176 6BD0 0F39 521C 3C23 2F32 00DB C768
My public-key is available at: https://fiberphone.co.nz/petes-public-key.asc
It's fingerprint is: D983 810E 9176 6BD0 0F39 521C 3C23 2F32 00DB C768
Simon Wright
May 29, 2017, 7:15:03 PM5/29/17
to techies-f...@googlegroups.com
Cheers for that link Landyn, ive spent the morning improving the security of my webserver!
The IISCrypto tool is also very helpful.
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
Landyn Frisby
May 29, 2017, 7:32:23 PM5/29/17
to techies-f...@googlegroups.com
All good Simon.
IISCrypto is an essential tool if you are using IIS. Seems Microsoft do not patch these vulnerabilities...
It is a good feeling when you achieve the A rating.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
--
You received this message because you are subscribed to a topic in the Google Groups "Techies for schools" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/techies-for-schools/cQV5mZKtj-I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to techies-for-schools+unsub...@googlegroups.com.
Kind Regards,
Landyn Frisby
ICT Systems Engineer
Nick Steenson
Jun 25, 2017, 9:05:23 PM6/25/17
to techies-f...@googlegroups.com
I know this is resurrecting an old thread a little, but, if you haven't already secured your portal, here's an easy and free solution.
I just re-did ours and it's beautifully simple with automatic renewals etc.
Don't forget to ensure all traffic goes to HTTPS!
Nick
To unsubscribe from this group and all its topics, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--Kind Regards,Landyn FrisbyICT Systems Engineer
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Matt Strickland
Jun 25, 2017, 9:44:16 PM6/25/17
to Techies for schools
That's another job I need to sort - best option for Apache too? (Debian webserver here)
Or just apply a wildcard if purchased for other stuff? - Don't think you can wildcard 802.1x but I have considered using a trusted chain for radius.
Matt
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
--
You received this message because you are subscribed to a topic in the Google Groups "Techies for schools" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/techies-for-schools/cQV5mZKtj-I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--Kind Regards,Landyn FrisbyICT Systems Engineer
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
Nick Steenson
Jun 25, 2017, 9:47:14 PM6/25/17
to techies-f...@googlegroups.com
Apache/Linux has been supported by letsencrypt since its inception, have secured many a raspberry-Pi webserver with it, including auto renewal.
Without reading it, this might be more specific:
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-8
Nick
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
--
You received this message because you are subscribed to a topic in the Google Groups "Techies for schools" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/techies-for-schools/cQV5mZKtj-I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--Kind Regards,Landyn FrisbyICT Systems Engineer
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
Jake Wills
Jun 25, 2017, 9:47:43 PM6/25/17
to techies-f...@googlegroups.com
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
--
You received this message because you are subscribed to a topic in the Google Groups "Techies for schools" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/techies-for-schools/cQV5mZKtj-I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--Kind Regards,Landyn FrisbyICT Systems Engineer
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
--
Nick Steenson ICT Technician Mt Aspiring College p: +643 443 0463 (Ext 830) a: Plantation Rd, Wanaka 9305 e: stee...@mtaspiring.school.nz
--
You received this message because you are subscribed to a topic in the Google Groups "Techies for schools" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/techies-for-schools/cQV5mZKtj-I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Sent from my phone, so please forgive any typos.
Julian Davison
Jun 25, 2017, 9:47:50 PM6/25/17
to techies-f...@googlegroups.com
letsencrypt is easy with apache, so I'd do that unless you've got other uses for wildcarded certs.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
--
You received this message because you are subscribed to a topic in the Google Groups "Techies for schools" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/techies-for-schools/cQV5mZKtj-I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--Kind Regards,Landyn FrisbyICT Systems Engineer
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
--
Nick Steenson ICT Technician Mt Aspiring College p: +643 443 0463 (Ext 830) a: Plantation Rd, Wanaka 9305 e: stee...@mtaspiring.school.nz
--
Mike Etheridge
Jun 25, 2017, 9:48:06 PM6/25/17
to techies-f...@googlegroups.com
Yep, works for Apache, actually super easy. This is for Ubuntu, not sure how much difference in the versions, but thats more or less Debian !^)
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
Simon Wright
Jun 25, 2017, 9:50:53 PM6/25/17
to techies-f...@googlegroups.com
on the 802.11x thing, yes, wildcards don't work, it needs to be very specific. honestly, self-signed works fine as most clients have the ability to ignore the cert. The only minor issues is anything Windows 7 or earlier, you have to manually create the wireless profile. Students with Windows 7 laptops are becoming far and few between.
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
Kevin Whelan
Jun 25, 2017, 10:10:43 PM6/25/17
to Techies for schools
wildcards yes learnt that the hard way, why does apple and now microsoft have followed just let the clients completely ignore the validity of the cert and connect. We used to use that cert requirement to actually help secure the connection in the past, and now in the effort to make it seemless for clients they just bypass it. Makes a mockery of certs and there intended design.
Matt Strickland
Jun 25, 2017, 11:16:39 PM6/25/17
to Techies for schools
Yes still using self signed,
I've found in newer Android builds you have to select 'do not check' and they seem to be keen on hiding / making this choice difficult to find.
Hence the thinking of purchasing a cert specific for 802.1x, client/server authentication (and also have to use external FQDN for host obviously eg wifi.schoolname.school.nz)
Matt
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
--
You received this message because you are subscribed to a topic in the Google Groups "Techies for schools" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/techies-for-schools/cQV5mZKtj-I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--Kind Regards,Landyn FrisbyICT Systems Engineer
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
--
Simon Wright
Jul 6, 2017, 5:20:16 PM7/6/17
to techies-f...@googlegroups.com
Just a little bit of info i read this morning.
Lets Encrypt will be offering free wildcard certs from Jan next year
Regards
Simon Wright
ICT Manager
| |
| Best for boys through the right learning | |
| 2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz
| |
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
--
You received this message because you are subscribed to a topic in the Google Groups "Techies for schools" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/techies-for-schools/cQV5mZKtj-I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--Kind Regards,Landyn FrisbyICT Systems Engineer
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
--
Nick Steenson ICT Technician Mt Aspiring College p: +643 443 0463 (Ext 830) a: Plantation Rd, Wanaka 9305 e: stee...@mtaspiring.school.nz
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
--
Nick Steenson ICT Technician Mt Aspiring College p: +643 443 0463 (Ext 830) a: Plantation Rd, Wanaka 9305 e: stee...@mtaspiring.school.nz
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Nick Steenson
Jul 6, 2017, 5:22:37 PM7/6/17
to techies-f...@googlegroups.com
Well now THAT'S exciting! Basically that means my ZoneDirector Letsencrypt guide will be pointless but for uploading the new cert every 80-90 days.
Encrypt all the things!
Nick
Landyn Frisby
Jul 6, 2017, 5:35:19 PM7/6/17
to techies-f...@googlegroups.com
This is very awesome news. This will make it a lot easier to encrypt everything!
To unsubscribe from this group and all its topics, send an email to techies-for-schools+unsub...@googlegroups.com.
Jake Wills
Jul 6, 2017, 5:43:56 PM7/6/17
to techies-f...@googlegroups.com
Fantastic!
Kind Regards,
Jake Wills
co-HOD Mathematics, Head of e-Learning
Kāpiti College
Margaret Road, Raumati Beach 5032
04 902 5121 - 021 061 5390
Reply all
Reply to author
Forward
0 new messages