QC on fingerprint before even visiting admin page

openletter · April 11, 2021, 11:07pm

IIRC, the initial cert for MiaB is a self-signed cert and the LE or other certs are added after logging into the dashboard.

The question is about verifying the self-signed cert using the fingerprint provided in the setup process.

The fingerprint is the SHA-256 hash and the hash reported in the Windows browsers thus far have have all been the (correct) SHA-1 hash while the indicated preference is to verify using the SHA-256 hash.

I don’t have a Windows machine to figure out how to navigate to an SHA-256 hash.

xyzsco · April 11, 2021, 11:18pm

Sir, this is my domain, i have never issued a cert for this domain…

alento · April 11, 2021, 11:19pm

Ahh ok. Firefox on Ubuntu shows it clearly … maybe time to upgrade from Windows?

alento · April 11, 2021, 11:20pm

Uhmm, yes you have. 20 hours ago.

xyzsco · April 11, 2021, 11:21pm

Wow…, not sure about that one, but i can tell you it was definitely not me.But 20 hours is the mark of initial installation. So is that a coincidence?

alento · April 11, 2021, 11:26pm

Is it possible that you hit the blue provision button and just didn’t realize it? Because that is really about the only plausible scenario. In either case, you have a valid certificate currently installed rather than the self-signed certificate, so I would say that you are good to go.

Regarding your initial query - I hadn’t read the thread closely enough as @openletter so kindly pointed out.

openletter · April 11, 2021, 11:28pm

Does MiaB install automatically for its own domain through any nightly process?

Log into the mail and you should see a message about configuring certificates.

alento · April 11, 2021, 11:29pm

You raise a valid point that I do not know the answer to. I can quite conceivably see MiaB running the script during the nightly maintenance and replacing the self-signed cert … though I have never left it overnight to see personally.

openletter · April 11, 2021, 11:33pm

Validity:

Self-signed cert

Mon, 10 Apr 2021 22:06:43 GMT

LE cert

Sun, 11 Apr 2021 06:48:13 GMT

xyzsco · April 11, 2021, 11:36pm

No, it’s fine. Not to worry. I am going to scratch this install and start over as i feel uneasy about it. Before i even log into any fresh install, i always check the fingerprint. This case was no exception.

Based on the two timestamps the LE looks like when i logged in the first time to investigate what was going wrong.

alento · April 11, 2021, 11:38pm

Yes, indeed. That would be my best recommendation. May the second time go much better for you.

xyzsco · April 11, 2021, 11:40pm

Thanks so much, If you don’t mind can we please leave this thread open until I’ve confirmed a successful installation?

openletter · April 11, 2021, 11:41pm

Even if you rebuild, you must find a way to view SHA-256 fingerprint of the cert, otherwise you will have the exact same initial issue.

Note that you can figure this out with any cert for any site and you should verify it on your computer, not some other website.

xyzsco · April 11, 2021, 11:48pm

Yes I finally was able to manage doing this by looking at the brave browser screenshot listed in this thread , as it turns out the fingerprint was identical to the one cited remotely . Edit: Sorry for the lack of clarification, the screenshot listed in this thread that shows the brave bowser fingerprint was created by me

openletter · April 11, 2021, 11:54pm

Prior to this thread were you aware that was the correct SHA-1 hash for the SHA-256 hash? Even though the numbers matched, you would also need to know the different algorithm’s correct value.

xyzsco · April 11, 2021, 11:55pm

Correct,. Yes. Both SHA256. This is going off memory, so. I am not 100%

I know that initially the hash was supposed to be Sha1, and the ones generated were 256, so maybe not.

I will check my logs, right now i am doing laundry, and cleaning dog and cat crap out of my BR.

By the way, what does the installer generate upon installation?

I really feel like i am being taken for a ride guys, throw me a bone please. lol…

P.M. me. I don’t care much about other’s agenda, just a working email server. Uno mono limpia la otra.

alento · April 12, 2021, 12:29am

I am not really sure what you are implying or trying to convey. … feel free to PM me. I don’t bite - usually.

openletter · April 12, 2021, 1:50am

The hash you provided in the initial post in the text document was SHA-256 and I had assumed that was what MiaB printed for you at the end of the install. The GRC hash and other in-browser hashes in your screenshots were all SHA-1.

It is configuring standard mail server tools and other useful administrative tools for you and then installing a dashboard admin interface that is custom to the project. I’m guessing that setup process would normally take an admin between 4 and 20 hours, depending on the experience of the admin.

If any terms I or others use you are not familiar with, please feel free to either post or send a message. Generally speaking, anyone who takes the time to help someone out in a forum post would be willing to do the same in a PM.

xyzsco · April 12, 2021, 1:59am

“The GRC hash and other in-browser hashes in your screenshots were all SHA-1.”

Really you absolutely sure?

Please take a second gander,

IMG_20210411_215716

openletter · April 12, 2021, 2:11am

Yes. I’m guessing that to view the SHA-256 hash you need to click the ‘Signature hash alg…’ row.

The visible ‘Thumbprint’ perfectly matches the SHA-1 hash.