SSL

On December 12, 2012, I stopped receiving mail sent to my email address at triplewhitefox.com. It was two days before I realized it. You see, I have it picked up by Gmail from the triplewhitefox.com server so I can use Gmail for dealing with all of my email. I also have a Gmail address for the same inbox. So, I was still receiving some mail – the mail sent directly to my Gmail address.

It turned out that, without warning, on that date Gmail stopped supporting secure, encrypted SSL connections where the server did not have a valid certificate. From Gmail help:

As of December 2012, Gmail uses “strict” SSL security. This means that we’ll always enforce that your other provider’s remote server has a valid SSL certificate. We made this change to offer a higher level of security to better protect your information.

This was precisely my situation. I was using a self-issued certificate that came installed on my web server. I had, in the past, considered a proper SSL certificate and migration to https but I was put off by the cost of a certificate. Most providers charge hundreds of dollars and they must be renewed every year or two.

Not wanting to transmit my mail to Google over a non secure connection, I started to search for alternatives. I found one in StartCom which provides a basic SSL Certificate for free.

Over the past few days I have worked on installing one on my web server and also on my mail server. It was a little tricky to get my Dovecot mail server running with the certificates but the post here was very helpful. I also found the certificate checker at digicert helpful while debugging my configuration. You just enter your hostname:port and it checks the certificate.

As a side effect of securing my mail, triplewhitefox.com is now available over https.

The home page: https://www.triplewhitefox.com

The forums: https://triplewhitefox.com/servlet/forum

This blog: https://triplewhitefox.com/WordPress/

Admittedly, it is not perfect. Some links in the various parts of the site will switch you back to http. I need to do some cleanup. I could make a global change to force all traffic to switch to https but I think I will hold off on that until I see how well it goes with this hybrid solution. Also, the site includes some non-secure content in the form of the ebay ads so, if you view the certificate, you will see a warning about this.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.