My thoughts on Slackware, life and everything

Alien Pastures is moving soon

The URL for my blog is going to change.

I need to have full control over my content. At this moment I do not own the server my blog is running on, and I do not own the domain.
To prevent running into weird situations down the road – for whatever reasons – the blog will move from its current location to https://blog.alienbase.nl/ soon.
I will of course configure an automatic redirect from the current to the new URL to ease the transition.

The current url (alien.slackbook.org/blog) may not be available forever after the migration, so it is best is if you already bookmark the new URL – a placeholder page is waiting there.

If your browser complains about not trusting the CaCert organization then follow the steps outlined in a previous article “adding CaCert root certificates to your Slackware” to silence these warnings.

14 Comments

  1. John

    Bookmarked already! Gratz on taking control

    Not sure for how long it will be just a placeholder but to let you know: Chrome blocked my connection at first saying it wasn’t secure. I added it as an exception.

    I checked the page source and since the landing page is “https” the reason for the chrome blocking could only be that “http” avatar image.

  2. Willy Sudiarto Raharjo

    Hi Eric

    It seems the cert is not yet configured properly as i still get invalid message when i visited the website using my phone.

    Or is it because of the same cacert used for the cert?

  3. alienbob

    The ‘not secure’ messages were caused by HTTP URLS used for the two images on the page. I changed those to HTTPS and the messages are gone.

    This blog site will indeed use a CaCert certificate. I refuse to bow for the big browser companies that won’t recognize CaCert and create their own LetsEncrypt instead, to dominate the free world.

  4. Brad Reed

    I’m getting in Firefox 55:

    blog.alienbase.nl uses an invalid security certificate. The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.

    I’ll try again after upgrading my firefox to -current.

  5. alienbob

    Brad, my Firefox 56 on this laptop and Firefox 17.0.11esr on my server both do not complain (although the server Firefox does not recognize the CaCert certificate authority).
    Do you have an application that proxies your internet connection? Some antivirus programs filter all your internet traffic and that is where the error may come from (if that program does not recognize the encryption used for the certificate).

  6. Brian Lawrence

    Followed the instructions for adding CaCert certificates, and everything is OK here.

  7. AJ

    I’m running Firefox 52.5.0 on Slackware 14.2, with no proxy. It refuses to go to the page, labelling it insecure. This is what the “advanced” information supplies:

    blog.alienbase.nl uses an invalid security certificate.

    The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.

    Error code: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED

  8. alienbob

    AJ please check the details of the ssl certificate which is being presented to your browser. It should be the certificate for “blog.alienbase.nl” which is signed by “CA Cert Signing Authority”. Both mine and the CACert certificate have been signed using SHA256 which is a secure methood (not like SHA1 which has been deprecated because it is insecure).
    I have not found any browser here (Slackware and MS Windows were tested) that complain about the certificate.

    I t is still possible that your Internet traffic is being proxied – perhaps not by you but by your ISP – and that a different SSL certificate is being presented to you. Other options may be that your computer’s time is out of sync, or that you spoof your browser’s UserAgent so that the blog server determines it should change its security settings.

    My Chrome broiwser tells me this about the connection: encrypted with “TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2”.

  9. Willy Sudiarto Raharjo

    I got the same issue with the other

    https://blog.alienbase.nl/

    The certificate was signed using a signature algorithm that is disabled because it is not secure.

    HTTP Strict Transport Security: false
    HTTP Public Key Pinning: false

    Certificate chain:

  10. Willy Sudiarto Raharjo

    I re-add the CaCert keys again (i’m pretty sure i have done this before) and now it works fine on Firefox.

  11. Drag

    Hey Eric.

    Can you make a refresh iso of slackware live with cinnamon flavor ? Thanks

  12. alienbob

    Drag your question bears no relevance to the above article. I will answer but please post on-topic only.
    I will not generate further Cinnamon-flavored Live ISO’s simply because my server does not have the disk space left to store it.

  13. Jen

    No problems with the certificate on chrome 62. I had to restart chrome for it to start working, though.

  14. Brad Reed

    I imported the CAcert keys into my firefox and all is fine now.

Leave a Reply to Jen Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2024 Alien Pastures

Theme by Anders NorenUp ↑