Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Forums2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus)secure.2degreesbroadband.co.nz SSL cert
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2101877 4-Oct-2018 23:19
Send private message

dfnt:

 

I'm even using Let's Encrypt (wildcard cert) for all my internal devices, like EdgeRouter, Synology NAS, pihole etc using nginx as a reverse proxy to them. That way I don't have to deal with self signed cert warnings when accessing them, and I just have a singular device that the cert resides on.

 

So easy when using the Cloudflare certbot plugin, so you don't have to expose your internal services for validation

 

I really need to get on to that... Thanks for the heads up regarding the Cloudflare Certbot plugin! Could come in handy :)

 

Lias:

 

Or better yet with free Let's Encrypt, Comodo or AWS ACM certificates.. It's high time people stopped paying money for SSL certs.

 

Afraid working for a large bank that won't fly... People need to see the padlock along with the name of the bank since phishing is so prominent (amongst other reasons). EV Validation really isn't cheap to do either. LetsEncrypt however will work with 2degrees however being a corp I'd say they'll be in the same boat here.




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.



dfnt

1511 posts

Uber Geek

Lifetime subscriber

  #2101880 4-Oct-2018 23:27
Send private message

michaelmurfy:

 

dfnt:

 

I'm even using Let's Encrypt (wildcard cert) for all my internal devices, like EdgeRouter, Synology NAS, pihole etc using nginx as a reverse proxy to them. That way I don't have to deal with self signed cert warnings when accessing them, and I just have a singular device that the cert resides on.

 

So easy when using the Cloudflare certbot plugin, so you don't have to expose your internal services for validation

 

I really need to get on to that... Thanks for the heads up regarding the Cloudflare Certbot plugin! Could come in handy :)

 

 

NP.

 

Let me know if you want my config examples and I'll send them through, although its pretty straightforward especially when you've done the same concept with the Unifi Controller

freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2101881 4-Oct-2018 23:29
Send private message

dfnt:

 

I'm even using Let's Encrypt (wildcard cert) for all my internal devices, like EdgeRouter, Synology NAS, pihole etc using nginx as a reverse proxy to them. That way I don't have to deal with self signed cert warnings when accessing them, and I just have a singular device that the cert resides on.

 

 

Just for the record, I've posted a quick guide on using Let's Encrypt certs on Synology and Fritz!box. This can easily be used for other models and if you are so inclined you can automate the renewal process in some routers.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup



dfnt

1511 posts

Uber Geek

Lifetime subscriber

  #2101883 5-Oct-2018 00:19
Send private message

freitasm:

 

dfnt:

 

I'm even using Let's Encrypt (wildcard cert) for all my internal devices, like EdgeRouter, Synology NAS, pihole etc using nginx as a reverse proxy to them. That way I don't have to deal with self signed cert warnings when accessing them, and I just have a singular device that the cert resides on.

 

 

Just for the record, I've posted a quick guide on using Let's Encrypt certs on Synology and Fritz!box. This can easily be used for other models and if you are so inclined you can automate the renewal process in some routers.

 

 

Oh yeah, forgot about that. I knew it was a thread I read somewhere that gave me the inspiration to do it but ended up procrastinating then forgetting.

 

The method I'm using is with nginx running on debian on an Intel NUC, so the devices retain their self signed certs leaving you with just one server hosting the cert. Makes automation and renewal easier that way.

 

But either option is good!

NickMack
962 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #2102004 5-Oct-2018 09:53
Send private message

dfnt:

 

So the end is near for the distrust of Symantec, and its various subsidiary CA's, SSL certs via Chrome.

 

Just FYI, I'm running Chrome beta so on version70.0.3538.45 now, getting this when browsing to secure.2degreesbroadband.co.nz

 

Click to see full size

 

Probably best to get onto this asap, as the stable release of 70 is just around the corner, more info here

 

@2degreesCare

 

cc @NickMack

 

 

 

 

 

 

Hiya,

 

Under control, and will be resolved today along side the other certs we have :-)

 

Nick.




https://nick.mackechnie.co.nz | NZ ISP latency monitoring - https://smokeping.thenet.gen.nz 

dfnt

1511 posts

Uber Geek

Lifetime subscriber

  #2106268 11-Oct-2018 14:29
Send private message

I noticed the cert has been renewed and now under the Digicert chain, so problem solved :)

NickMack
962 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #2106276 11-Oct-2018 14:33
Send private message

dfnt:

 

I noticed the cert has been renewed and now under the Digicert chain, so problem solved :)

 

 

Hiya,

 

Indeed - As I said, under control :-)

 

Nick.




https://nick.mackechnie.co.nz | NZ ISP latency monitoring - https://smokeping.thenet.gen.nz 

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
dfnt

1511 posts

Uber Geek

Lifetime subscriber

  #2106279 11-Oct-2018 14:37
Send private message

NickMack:

 

dfnt:

 

I noticed the cert has been renewed and now under the Digicert chain, so problem solved :)

 

 

Hiya,

 

Indeed - As I said, under control :-)

 

Nick.

 

 

Yup, wasn't questioning it just updating the thread for closure

Lias
5589 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2106508 11-Oct-2018 21:06
Send private message

michaelmurfy:

 

Afraid working for a large bank that won't fly... People need to see the padlock along with the name of the bank since phishing is so prominent (amongst other reasons). EV Validation really isn't cheap to do either. LetsEncrypt however will work with 2degrees however being a corp I'd say they'll be in the same boat here.

 

 

I missed that somehow.. Yes there will always be some organisations that need EV certificates, but for the vast majority of websites, DV is fine.




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #2106511 11-Oct-2018 21:08
Send private message

I expect that any business that takes money to have a decent EV cert. It just shows that they are at least slightly serious about things that they have gone to that little bit of effort and minimal expense.

 

letsencrypt is fine for blogs and other meaninless things.




Richard rich.ms

Lias
5589 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2106525 11-Oct-2018 21:51
Send private message

richms:

 

I expect that any business that takes money to have a decent EV cert. It just shows that they are at least slightly serious about things that they have gone to that little bit of effort and minimal expense.

 

letsencrypt is fine for blogs and other meaninless things.

 

 

You might have higher standards than most people.

 

I just checked out a few of the NZ top 50 sites from Alexa, Trademe is the only non bank site based in NZ I could see that uses EV.

 

MightyApe, PBTech, Spark, Xero.. don't appear to be using EV

 

I checked a few others I could think of, Travelbug, Wotif, Countdown Online, 2Degrees, Vodafone, Slingshot, Orcon, again, no EV.

 

Even within the banks and financial sector, it appears some are still not using EV certs, or not using them across the board.

 

Registered banks:

 

  • Heartland, non EV front page, EV login page
  • RaboDirect, non EV front page, EV login page
  • BNZ, EV front page and once logged in, but the actual login page for internet banking uses a different, non EV certificate. Ooops :-P
  • Quite a few of the registered asian banks were similar, several didn't even have any certificate on their home pages but did on login pages etc.

Other financial related entities:

 

  • Mercer (Kiwisaver etc), no EV
  • Flexicard/Flexigroup (Farmers Card, IT leasing etc), no EV
  • GE/Laititude (GEM Visa/Creditline), no EV
  • Columbus Financial (Q Card), No EV.
  • First Credit Union, No EV

I'm sure I could keep finding more if I could be bothered.




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

dfnt

1511 posts

Uber Geek

Lifetime subscriber

  #2106534 11-Oct-2018 22:44
Send private message

Good read about EV by Troy Hunt

stinger
628 posts

Ultimate Geek
Inactive user


  #2132722 23-Nov-2018 14:26
Send private message

NickMack:

 

Hiya,

 

Under control, and will be resolved today along side the other certs we have :-)

 

Nick.

 

 

You missed one :/ c.2degreesbroadband.co.nz is using a legacy certificate, and used on an e-mail I just received from you.

NickMack
962 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #2132747 23-Nov-2018 14:49
Send private message

stinger:

 

NickMack:

 

Hiya,

 

Under control, and will be resolved today along side the other certs we have :-)

 

Nick.

 

 

You missed one :/ c.2degreesbroadband.co.nz is using a legacy certificate, and used on an e-mail I just received from you.

 

 

 

 

ok ta - I've bounced it to the right team to investigate.




https://nick.mackechnie.co.nz | NZ ISP latency monitoring - https://smokeping.thenet.gen.nz 

1 | 2 
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright