[PyVigo] Actualización del certificado SSL de la Web
Luis González Fernández
luisgf at luisgf.es
Wed Jan 6 08:28:08 CET 2016
El 2016-01-06 00:43, Miguel Gesteiro escribió:
> hola!
>
> gracias por la info, superinteresante (voy a tener exactamente el
> mismo problema ;)
>
> y ya puestos a hacerlo bien... porqué no rediriges el domino HTTP al
> httpS?
Vaya, el primero en darse cuenta. Por defecto era así, ya que el
servidor informaba del HSTS. Al pasar a let's encrypt tengo ciertos
problemas con mi script para el cálculo de los PINs y su publicación.
Dada la temporalidad de los certificados y sus claves, la activación de
HSTS se complica un poco. No obstante, como medida preventiva voy a
poner un Redirect clásico, que resolverá la papeleta hasta que no
solucione este tema.
Un saludo, luis.
>
> saludos!
>
>
> El 5/1/16 a las 9:09, Luis González Fernández escribió:
>> Hola a Todos:
>>
>> El certificado de la www.python-vigo.es expiró hace unos dias. El
>> anterior certificado estaba emitido por StartCom SSL, una empresa que
>> ofrecia certificados gratuitos pero con una calidad de servicio
>> pésima.
>>
>> Asi pues, aprovechando la coyuntura he actualizado el certificado del
>> sitio web por uno expedido por Let's Encrypt, el cual se alinea un
>> poco
>> más con nosotros ya que su cliente se encuentra escrito en Python :-)
>>
>> Para los que no conozcan el proyecto, les animo a echar un vistazo a
>> su
>> sitio web en https://letsencrypt.org/
>>
>> Y ahora lo importante, aqui teneis las huellas y los datos del nuevo
>> certificado:
>>
>> Certificate:
>> Data:
>> Version: 3 (0x2)
>> Serial Number:
>> 01:86:0b:c0:c4:24:83:1f:33:0d:c8:40:b8:04:5d:49:2f:94
>> Signature Algorithm: sha256WithRSAEncryption
>> Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X1
>> Validity
>> Not Before: Jan 5 07:02:00 2016 GMT
>> Not After : Apr 4 07:02:00 2016 GMT
>> Subject: CN=python-vigo.es
>> Subject Public Key Info:
>> Public Key Algorithm: rsaEncryption
>> Public-Key: (4096 bit)
>> Modulus:
>> 00:cf:8e:a3:88:0d:aa:3f:80:d1:60:a1:06:f4:15:
>> 91:7b:81:56:f3:49:54:ab:35:b1:b7:dc:0a:99:56:
>> 84:e3:3c:ea:c4:6c:38:66:96:e3:37:82:81:e1:2c:
>> c5:04:29:03:37:3c:34:d6:48:91:98:51:d1:21:f5:
>> 71:15:2f:bd:64:0f:cd:6c:2b:e1:67:dc:f5:bd:38:
>> be:ae:4f:58:ac:c3:0f:49:45:86:c2:db:df:f4:90:
>> cc:ab:99:47:eb:81:4b:d6:d6:d3:e7:f1:0c:cf:58:
>> d8:b8:84:e5:b2:51:00:98:c8:15:fc:a6:72:cb:04:
>> 84:10:c2:a9:53:44:9d:2f:79:dd:5e:d6:84:12:e4:
>> eb:6d:b4:12:69:6f:b7:76:e8:cf:6d:14:63:16:4a:
>> 9f:a7:dd:7d:c0:4e:fa:0b:c0:ef:28:3d:4e:3a:dc:
>> 3f:b6:84:8a:8e:9c:5a:17:31:e0:a8:5e:bf:94:ab:
>> 35:74:1b:5d:20:17:05:42:9d:39:c9:90:cd:47:b8:
>> c0:98:ba:7f:b9:60:16:db:46:a1:73:aa:30:b3:39:
>> a6:2d:92:f8:52:1f:84:a1:f8:5f:81:ea:1f:d2:86:
>> f3:6c:49:cc:ab:44:fd:5f:45:06:02:97:64:26:dc:
>> d9:e8:ed:da:ec:84:47:99:aa:4b:6f:55:39:e9:4d:
>> 6c:03:a2:01:b6:7c:0d:6d:8f:c4:2a:f6:45:88:5e:
>> 0d:ee:bd:da:2a:ce:a3:7b:1a:53:00:d5:82:bd:1f:
>> b2:f4:05:bb:06:7e:6c:a0:43:34:6e:3c:25:84:f5:
>> c3:24:44:e3:29:bd:80:fc:89:8f:38:e9:a0:52:2b:
>> 1d:06:bc:69:a6:76:10:24:56:4c:9d:96:85:46:1f:
>> 01:46:95:a6:9b:c4:2d:89:80:f6:68:45:70:e5:39:
>> 27:80:a6:da:fd:da:dd:b1:ec:f5:62:08:ba:46:18:
>> ff:83:aa:44:28:26:98:b4:52:13:5a:99:39:12:fe:
>> a5:16:9e:18:f8:bf:55:f6:a4:c2:25:6b:fd:d3:0d:
>> 36:e2:bd:ac:6a:e2:13:95:8f:ad:51:ff:96:9d:7c:
>> 1d:eb:38:ce:24:19:b0:e5:e4:e8:8a:1d:8d:41:6e:
>> dc:91:bb:05:9b:dd:14:b8:0a:54:40:d1:7e:10:e9:
>> 2c:e3:f3:24:3d:ed:61:c9:14:78:c3:38:61:7b:51:
>> 77:11:2e:ef:b2:00:19:d7:1f:ac:f6:ae:c0:b8:d1:
>> 84:38:90:a9:6e:e6:75:29:d7:3f:5d:71:fa:8a:e2:
>> 8a:31:20:76:a4:d2:39:ea:3a:06:e2:47:ef:b8:31:
>> 5b:c9:3d:71:79:fd:ea:a0:e3:e9:d2:62:a0:73:12:
>> bf:7d:2d
>> Exponent: 65537 (0x10001)
>> X509v3 extensions:
>> X509v3 Key Usage: critical
>> Digital Signature, Key Encipherment
>> X509v3 Extended Key Usage:
>> TLS Web Server Authentication, TLS Web Client
>> Authentication
>> X509v3 Basic Constraints: critical
>> CA:FALSE
>> X509v3 Subject Key Identifier:
>> 88:99:61:6F:6E:B9:FB:8D:0D:1B:B5:D9:5A:BB:75:D3:21:25:59:60
>> X509v3 Authority Key Identifier:
>> keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
>>
>> Authority Information Access:
>> OCSP - URI:http://ocsp.int-x1.letsencrypt.org/
>> CA Issuers - URI:http://cert.int-x1.letsencrypt.org/
>>
>> X509v3 Subject Alternative Name:
>> DNS:python-vigo.es, DNS:www.python-vigo.es
>> X509v3 Certificate Policies:
>> Policy: 2.23.140.1.2.1
>> Policy: 1.3.6.1.4.1.44947.1.1.1
>> CPS: http://cps.letsencrypt.org
>> User Notice:
>> Explicit Text: This Certificate may only be
>> relied
>> upon by Relying Parties and only in accordance with the Certificate
>> Policy found at https://letsencrypt.org/repository/
>>
>> Signature Algorithm: sha256WithRSAEncryption
>> 1a:a9:d3:06:f4:a0:1d:3e:0d:e9:2e:ee:55:39:b6:b8:d0:c4:
>> 8b:5b:ec:c9:03:ce:2e:34:fb:31:85:b3:53:84:70:d8:b8:66:
>> 76:da:45:38:e8:dc:0d:98:c5:c1:36:a0:65:32:45:67:95:fe:
>> ad:fe:77:0b:9f:71:2b:36:c6:14:f9:9b:16:1c:b0:d8:67:ae:
>> e3:b0:6e:a6:6a:f6:f3:fa:4f:38:10:9c:a1:dd:d3:2a:5d:28:
>> 34:c6:aa:18:d3:c0:20:e0:8e:2e:30:e3:b9:29:75:e9:90:d6:
>> ca:22:c0:c9:5f:e4:ca:a3:2c:8b:5b:f6:37:93:d4:bc:46:24:
>> 45:33:90:2b:ee:7a:a6:88:e9:86:78:7d:a9:4e:20:05:93:83:
>> 14:aa:5f:a3:71:75:de:7a:1e:c2:8a:e7:ac:19:91:da:3d:bf:
>> 4e:63:8c:e1:be:86:ad:49:c6:99:19:1f:0a:00:ed:54:00:8d:
>> b3:ec:1d:2a:a4:e1:d7:3c:a5:2c:d5:ad:ea:a2:d8:52:87:0e:
>> ca:df:16:23:35:ed:8f:a2:06:14:4a:6d:30:ac:4e:50:d4:99:
>> 69:61:b5:05:40:bb:b1:b1:20:d3:dc:a4:07:eb:04:90:b6:e7:
>> 58:47:08:41:93:f6:4e:fe:9a:d4:c1:d9:66:d4:07:e6:a7:63:
>> 14:a5:16:7f
>> -----BEGIN CERTIFICATE-----
>> MIIGFDCCBPygAwIBAgISAYYLwMQkgx8zDchAuARdSS+UMA0GCSqGSIb3DQEBCwUA
>> MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
>> ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAxMDUwNzAyMDBaFw0x
>> NjA0MDQwNzAyMDBaMBkxFzAVBgNVBAMTDnB5dGhvbi12aWdvLmVzMIICIjANBgkq
>> hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz46jiA2qP4DRYKEG9BWRe4FW80lUqzWx
>> t9wKmVaE4zzqxGw4ZpbjN4KB4SzFBCkDNzw01kiRmFHRIfVxFS+9ZA/NbCvhZ9z1
>> vTi+rk9YrMMPSUWGwtvf9JDMq5lH64FL1tbT5/EMz1jYuITlslEAmMgV/KZyywSE
>> EMKpU0SdL3ndXtaEEuTrbbQSaW+3dujPbRRjFkqfp919wE76C8DvKD1OOtw/toSK
>> jpxaFzHgqF6/lKs1dBtdIBcFQp05yZDNR7jAmLp/uWAW20ahc6owszmmLZL4Uh+E
>> ofhfgeof0obzbEnMq0T9X0UGApdkJtzZ6O3a7IRHmapLb1U56U1sA6IBtnwNbY/E
>> KvZFiF4N7r3aKs6jexpTANWCvR+y9AW7Bn5soEM0bjwlhPXDJETjKb2A/ImPOOmg
>> UisdBrxppnYQJFZMnZaFRh8BRpWmm8QtiYD2aEVw5TkngKba/drdsez1Ygi6Rhj/
>> g6pEKCaYtFITWpk5Ev6lFp4Y+L9V9qTCJWv90w024r2sauITlY+tUf+WnXwd6zjO
>> JBmw5eToih2NQW7ckbsFm90UuApUQNF+EOks4/MkPe1hyRR4wzhhe1F3ES7vsgAZ
>> 1x+s9q7AuNGEOJCpbuZ1Kdc/XXH6iuKKMSB2pNI56joG4kfvuDFbyT1xef3qoOPp
>> 0mKgcxK/fS0CAwEAAaOCAiMwggIfMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
>> BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUiJlh
>> b265+40NG7XZWrt10yElWWAwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo
>> 7KEwcAYIKwYBBQUHAQEEZDBiMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQt
>> eDEubGV0c2VuY3J5cHQub3JnLzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50
>> LXgxLmxldHNlbmNyeXB0Lm9yZy8wLQYDVR0RBCYwJIIOcHl0aG9uLXZpZ28uZXOC
>> End3dy5weXRob24tdmlnby5lczCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYL
>> KwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5
>> cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9u
>> bHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGlu
>> IGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0
>> IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEB
>> CwUAA4IBAQAaqdMG9KAdPg3pLu5VOba40MSLW+zJA84uNPsxhbNThHDYuGZ22kU4
>> 6NwNmMXBNqBlMkVnlf6t/ncLn3ErNsYU+ZsWHLDYZ67jsG6mavbz+k84EJyh3dMq
>> XSg0xqoY08Ag4I4uMOO5KXXpkNbKIsDJX+TKoyyLW/Y3k9S8RiRFM5Ar7nqmiOmG
>> eH2pTiAFk4MUql+jcXXeeh7CiuesGZHaPb9OY4zhvoatScaZGR8KAO1UAI2z7B0q
>> pOHXPKUs1a3qothShw7K3xYjNe2PogYUSm0wrE5Q1JlpYbUFQLuxsSDT3KQH6wSQ
>> tudYRwhBk/ZO/prUwdlm1Afmp2MUpRZ/
>> -----END CERTIFICATE-----
>>
>>
>> Un saludo a todos y feliz año nuevo.
>> _______________________________________________
>> Asociación Python España: http://www.es.python.org/
>> Python Vigo: http://www.python-vigo.es/
>> Vigo mailing list
>> Vigo at lists.es.python.org
>> https://lists.es.python.org/listinfo/vigo
> _______________________________________________
> Asociación Python España: http://www.es.python.org/
> Python Vigo: http://www.python-vigo.es/
> Vigo mailing list
> Vigo at lists.es.python.org
> https://lists.es.python.org/listinfo/vigo
More information about the Vigo
mailing list