Setting up SSL for clipperz.bit

https://www.namecoin.org/dot-bit/
mbarulli
Posts: 6
Joined: Wed Mar 12, 2014 8:56 am
Contact:

Setting up SSL for clipperz.bit

Post by mbarulli »

Hi there,
i'm trying to add SSL support to domain clipperz.bit using a self-signed certificate.

The first configuration I've tried used the "fingerprint" field, with both Sha1 and md5.

Code: Select all

{
    "ns": ["ns1.domaincoin.net", "ns2.domaincoin.net"],
    "fingerprint": ["27:6B:76:B0:43:08:41:94:88:CB:7A:8C:46:BF:EF:8C:19:D7:A3:76", "7F:2F:49:0F:D3:DC:71:5D:B7:14:40:58:89:95:2A:64"]
}
But the proxy we've been using to access .bit domains (178.32.31.43:8888 via the FoxyProxy Chrome extension) replied with an error (ERR_TUNNEL_CONNECTION_FAILED).

Then we changed approach, inspired by this thread and by the fact that the "fingerprint" field was marked as "deprecated" and switched to:

Code: Select all

{
    "ns": ["ns1.domaincoin.net", "ns2.domaincoin.net"],
    "tls": {
        "sha1": ["27:6B:76:B0:43:08:41:94:88:CB:7A:8C:46:BF:EF:8C:19:D7:A3:76"],
        "enforce": "*"
    }
}
This time the proxy just answered that the page was not available.
We are a bit lost ...
Any help would be very welcome!

What are you using to navigate .bit domains?
Is FoxyProxy + 178.32.31.43 a reliable solution?
(that we can suggest to our users as well)
Any example configuration we can learn from?

Many thanks,
Marco
Support Clipperz, donate now!
https://clipperz.is/donations

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Setting up SSL for clipperz.bit

Post by domob »

Great that you want to use .bit with TLS support! The first option you had (with "fingerprint") seems correct. Note that AFAIK you can not use .bit's TLS support with a browsing proxy, instead you should try it with the FreeSpeechMe extension. The second option ("tls") is newer, but not yet implemented, and so I think you should stick with the first for now.

Try reverting to the "fingerprint" value and testing with FreeSpeechMe instead of a proxy. (Or ask here for others to test it after changing the name back.)
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

mbarulli
Posts: 6
Joined: Wed Mar 12, 2014 8:56 am
Contact:

Re: Setting up SSL for clipperz.bit

Post by mbarulli »

Thanks domob!

I'm going to install FreeSpeechMe and revert to "fingerprint".
I'll keep you updated.

Btw, is it ok to list both SHA1 and MD5?
Support Clipperz, donate now!
https://clipperz.is/donations

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Setting up SSL for clipperz.bit

Post by domob »

mbarulli wrote:Thanks domob!

I'm going to install FreeSpeechMe and revert to "fingerprint".
I'll keep you updated.
Good luck with that!
mbarulli wrote:Btw, is it ok to list both SHA1 and MD5?
Ah, I missed that. You should only list SHA-1 (it doesn't harm to list MD5, too, but it will be interpreted as allowed alternative SHA-1 hash which can never be matched by any certificate). I think mid-term we are switching to SHA-256, but for now only SHA-1 hashes are supported.
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

mbarulli
Posts: 6
Joined: Wed Mar 12, 2014 8:56 am
Contact:

Re: Setting up SSL for clipperz.bit

Post by mbarulli »

I've now removed MD5, but unfortunately I just discovered that awesome FreeSpeechMe does not work on a Mac. :(

Is there anyone out there that is willing to try reaching https://clipperz.bit ? THANKS!
It would be also great to know which setup (proxy, add-ons, ...) you used.

Btw, http://clipperz.bit works just fine.
Support Clipperz, donate now!
https://clipperz.is/donations

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Setting up SSL for clipperz.bit

Post by domob »

mbarulli wrote:I've now removed MD5, but unfortunately I just discovered that awesome FreeSpeechMe does not work on a Mac. :(

Is there anyone out there that is willing to try reaching https://clipperz.bit ? THANKS!
It would be also great to know which setup (proxy, add-ons, ...) you used.

Btw, http://clipperz.bit works just fine.
For me, neither one works at the moment. Also:

Code: Select all

$ nmcontrol dns getIp4 clipperz.bit
ERROR: 
Presumably that has something to do with your nameservers (ns?.domaincoin.net). If you have a single static IP, you should add it directly to the name instead of using the "ns" fields. Is that the case or do you have multiple / changing IPs?
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

mbarulli
Posts: 6
Joined: Wed Mar 12, 2014 8:56 am
Contact:

Re: Setting up SSL for clipperz.bit

Post by mbarulli »

If you have a single static IP, you should add it directly to the name instead of using the "ns" fields. Is that the case or do you have multiple / changing IPs?
Quite right. I've now switched to the "ip" parameter. Waiting for propagation to the blockchain.
Support Clipperz, donate now!
https://clipperz.is/donations

mbarulli
Posts: 6
Joined: Wed Mar 12, 2014 8:56 am
Contact:

Re: Setting up SSL for clipperz.bit

Post by mbarulli »

Current configuration is:

Code: Select all

{
    "ip": "46.149.20.251",
    "fingerprint": "27:6B:76:B0:43:08:41:94:88:CB:7A:8C:46:BF:EF:8C:19:D7:A3:76"
}
Are you getting the same results?
Support Clipperz, donate now!
https://clipperz.is/donations

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Setting up SSL for clipperz.bit

Post by domob »

mbarulli wrote:Current configuration is:

Code: Select all

{
    "ip": "46.149.20.251",
    "fingerprint": "27:6B:76:B0:43:08:41:94:88:CB:7A:8C:46:BF:EF:8C:19:D7:A3:76"
}
Note that this works for clipperz.bit but not www.clipperz.bit. I suggest you use

Code: Select all

{
    "ip": "46.149.20.251",
    "map": {"*": "46.149.20.251"},
    "fingerprint": "27:6B:76:B0:43:08:41:94:88:CB:7A:8C:46:BF:EF:8C:19:D7:A3:76"
}
instead, which resolves every subdomain to this IP. (But that depends on what you really want.)
mbarulli wrote: Are you getting the same results?
No, for me both work and the TLS certificate is correctly verified by FreeSpeechMe. As far as I can tell, the configuration is now fully functional.
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

mbarulli
Posts: 6
Joined: Wed Mar 12, 2014 8:56 am
Contact:

Re: Setting up SSL for clipperz.bit

Post by mbarulli »

Thanks for the good news domob!
I really appreciate your help. :)

I definitely need to find a convenient and reliable way to browse .bit domains on my Mac ...
Support Clipperz, donate now!
https://clipperz.is/donations

Post Reply