Notezilla.Net certificate chain

PositiveSSL, Azure & COMODO RSA Certification Authority

Recently SSL 1 was declared unsafe. So the certification companies started supplying SSL 2 certificates.

My certificate for notezilla.net was about to expire so I purchased a new one from namecheap.com. It sells SSL certificate at very less price. The brand name is PositiveSSL.

After purchase, I followed the instructions to install SSL certificate on my Windows Azure cloud service. But it didn’t work. I tried about 4 times and spent several hours trying to fix it.

As a side note: SSL 2 has a different set of root and intermediate certificates. I had to re-download and install them from here.

Surprisingly, for first 2 days I found everything was working fine until I tried to access my web-app from Android phone. The Chrome browser showed a scary message – ‘Your connection is not private’. Then I checked my website using SSL Checker. It said that the certificate was broken. The chain did not complete to the root. Also my Android app created using Xamarin were throwing following exceptions:

{System.Net.WebException: Error getting response stream (ReadDone2): ReceiveFailure

System.Net.WebException: Error getting response stream (Write: The authentication or decryption has failed.): SendFailure —> System.IO.IOException: The authentication or decryption has failed. —> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a

Fortunately, Boyan Tabakob’s post on this thread helped me.

I am further elaborating on this because I want to cover issue specific to the PositiveSSL certificate purchased from namecheap.com. Nothing is wrong with the certificate. But the way IIS determines the chain of certificates is incorrect.

Here is how your chain should look like:

Notezilla.Net certificate chain

Your certificate->COMODO RSA Domain Validation Secure Server CA->COMODO RSA Certification Authority->UserTrust (AddTrust External CA Root)

However, when you install the SSL certificate on Windows Azure, and log in to your cloud service using Remote Desktop to check the chain, it will look totally different. It will pick a different COMODO certificate and will not find your actual root certificate.

Problem: The problem is that IIS has another interm certificate named “COMODO RSA Certification Authority” under “Trusted Root Certification Authorities”. This one is with a different Thumbprint. The real “COMODO RSA Certification Authority” which I wanted was already in “Intermediate Certifications Authorities” folder.

Solution: Since IIS picked the former one from the root (may be because of the same name), I deleted the former one (via Remote Desktop) and the certificate chain was now complete till the root. Now my website was working fine. Remember to restart your VM instance (Web Role) after you make this change! Very important.

The bad part is that I will have to repeat this step every time deploy a new build of my MVC cloud service.

Thanks. Hope it helps someone :).

Hindustani Classical Vocal Music in Chennai

This special post is dedicated to my singing teacher Mitu Banerjee.

For more than 4 years, I have been learning Hindustani classical vocal music from her. She is an amazing teacher. She knows where to take you to make you a true singer. By true singer I mean a singer who enjoys singing for himself/herself. Who can connect to the divine with surrender-ship and let the beautiful sound flow.

If you are in Chennai and wish to learn Hindustani classical vocal music then please contact Mitu Banerjee – 7845596309.

What is important is your sincerity. You cannot learn anything when you are not disciplined. Utmost dedication is required when you wish to master anything. Not giving up is important to see that real fruits of your hard work after some years.

Thanks.

Beach Huts

Choosing the right RSS News Reader


Beach Huts

Image courtesy of Simon Howden / FreeDigitalPhotos.net



In my last post I talked about how I switched back from Google Reader to Bloglines. But a simple & important issue with Bloglines makes me look for something better. Surely there should be one. I haven’t searched enough.

The issue with Bloglines is that it does not remember you. So you need to type in the username & password every day. I am using Mozilla Firefox browser. Such a simple problem to fix. But they haven’t fixed it yet.

Thanks to the recent post ‘An RSS Reader A Week‘ by Dr.Pete at Moz. In his post, Dr.Pete is going to review a blog reader each week. He has completed with Feedly & OldReader.

I can’t wait to see the results. Based on the comments on his post, it seems that Feedly could be the winner. Still, another 9 readers to go. 9 whole weeks!

Thanks :)

Feedburner's Subscribe Page

Bloglines as Google Reader’s alternative – a good replacement



This July’13, Google will put an end to Google Reader.

Leaving Google Reader was hard. And I am sure several users would be feeling the same. Google Reader was a simple, flawless feed reader that just worked.

I kept postponing my search for alternatives to Google Reader until I was forced to do so when Feedburner removed ‘Google Reader’ as one of the feed reader options that were displayed when adding a new feed.

Feedburner's Subscribe Page

I looked for other alternatives on the same page. Before Google Reader I was using Bloglines which was pretty good. I had moved to Google Reader just to have everything in one integrated system – Google.

I quickly registered at Bloglines. I found the new looks & usability of Bloglines to be little clumsy. But after a little effort, it was all easy.

To import your feeds from Google Reader to Bloglines, simply go to your Google Reader settings and choose the Import/Export option.

Google Reader Settings


Click on Download your data through Takeout link and there you go. Takeout will give you a .zip file containing subscriptions.xml that you will need to import into Bloglines.

Import from Google Reader to Bloglines


In Bloglines, click on ‘Add Content’, choose ‘Add a Feed’ and then choose the ‘Import’ option to import the subscriptions.xml file.

Thanks :)

google-plus-one-button-inline

Google +1 Button recent changes – Annotation

Hello,

Suddenly today I saw Google +1 button to be wider & smaller on my business website. This is not what I had configured.

Notezilla - Google + 1 Button - Inline

I am using the sharrre social media plugin to show the social media buttons. But the problem was not with the plugin.

With further investigation I found that Google +1 button takes ‘size’ and ‘annotation’ parameters as part of its configuration. In order to make the button look like in the below picture, ‘size’ must be set to ‘tall’ and ‘annotation’ to ‘bubble’. Since ‘bubble’ was the default value of annotation, I did not set it explicitly in the configuration. To fix the above, I had to set it explicitly now. May be because Google had changed the default value to ‘inline’? Not sure if this is just an accidental change or an intentional one from Google.

Notezilla - Google + 1 Button - Bubble

Here is the change I made in a call to Sharrre’s plugin function (See line #12). If you are using some other plugin, you would need to look at the options that it provides to configure Google +1 button.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
  $('#social-media-panel').sharrre({
                share: {
                    googlePlus: true,
                    facebook: true,
                    twitter: true,
                    digg: false,
                    delicious: false,
                    stumbleupon: false,
                    linkedin: false
                },
                buttons: {
                    googlePlus: { size: 'tall', annotation: 'bubble' },
                    facebook: { layout: 'box_count' },
                    twitter: { count: 'vertical' },
                    digg: { type: 'DiggMedium' },
                    delicious: { size: 'tall' },
                    stumbleupon: { layout: '5' },
                    linkedin: { counter: 'top' }
                },
                enableHover: false,
                enableCounter: false,
                enableTracking: true,
                url: socialMediaUrl
            });

Thanks :)