PositiveSSL, Azure & COMODO RSA Certification Authority

Recently SSL 1 was declared unsafe. So the certification companies started supplying SSL 2 certificates.

My certificate for notezilla.net was about to expire so I purchased a new one from namecheap.com. It sells SSL certificate at very less price. The brand name is PositiveSSL.

After purchase, I followed the instructions to install SSL certificate on my Windows Azure cloud service. But it didn’t work. I tried about 4 times and spent several hours trying to fix it.

As a side note: SSL 2 has a different set of root and intermediate certificates. I had to re-download and install them from here.

Surprisingly, for first 2 days I found everything was working fine until I tried to access my web-app from Android phone. The Chrome browser showed a scary message – ‘Your connection is not private’. Then I checked my website using SSL Checker. It said that the certificate was broken. The chain did not complete to the root. Also my Android app created using Xamarin were throwing following exceptions:

{System.Net.WebException: Error getting response stream (ReadDone2): ReceiveFailure

System.Net.WebException: Error getting response stream (Write: The authentication or decryption has failed.): SendFailure —> System.IO.IOException: The authentication or decryption has failed. —> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a

Fortunately, Boyan Tabakob’s post on this thread helped me.

I am further elaborating on this because I want to cover issue specific to the PositiveSSL certificate purchased from namecheap.com. Nothing is wrong with the certificate. But the way IIS determines the chain of certificates is incorrect.

Here is how your chain should look like:

Notezilla.Net certificate chain

Your certificate->COMODO RSA Domain Validation Secure Server CA->COMODO RSA Certification Authority->UserTrust (AddTrust External CA Root)

However, when you install the SSL certificate on Windows Azure, and log in to your cloud service using Remote Desktop to check the chain, it will look totally different. It will pick a different COMODO certificate and will not find your actual root certificate.

Problem: The problem is that IIS has another interm certificate named “COMODO RSA Certification Authority” under “Trusted Root Certification Authorities”. This one is with a different Thumbprint. The real “COMODO RSA Certification Authority” which I wanted was already in “Intermediate Certifications Authorities” folder.

Solution: Since IIS picked the former one from the root (may be because of the same name), I deleted the former one (via Remote Desktop) and the certificate chain was now complete till the root. Now my website was working fine. Remember to restart your VM instance (Web Role) after you make this change! Very important.

The bad part is that I will have to repeat this step every time deploy a new build of my MVC cloud service.

Thanks. Hope it helps someone :).

Bloglines as Google Reader’s alternative – a good replacement

This July’13, Google will put an end to Google Reader.

Leaving Google Reader was hard. And I am sure several users would be feeling the same. Google Reader was a simple, flawless feed reader that just worked.

I kept postponing my search for alternatives to Google Reader until I was forced to do so when Feedburner removed ‘Google Reader’ as one of the feed reader options that were displayed when adding a new feed.

Feedburner's Subscribe Page

I looked for other alternatives on the same page. Before Google Reader I was using Bloglines which was pretty good. I had moved to Google Reader just to have everything in one integrated system – Google.

I quickly registered at Bloglines. I found the new looks & usability of Bloglines to be little clumsy. But after a little effort, it was all easy.

To import your feeds from Google Reader to Bloglines, simply go to your Google Reader settings and choose the Import/Export option.

Google Reader Settings

Click on Download your data through Takeout link and there you go. Takeout will give you a .zip file containing subscriptions.xml that you will need to import into Bloglines.

Import from Google Reader to Bloglines

In Bloglines, click on ‘Add Content’, choose ‘Add a Feed’ and then choose the ‘Import’ option to import the subscriptions.xml file.

Thanks :)

ASP chooses a sensible name

The Association of Shareware Professionals has renamed itself to the Association of Software Professionals (ASP).

Association of Software Professionals

Details of the name change can be found here.

I have been a member of ASP for many years now. If you are running a software company then I strongly suggest that you join the ASP. The members’ discussion group (newsgroup) will give you valuable tips for marketing your software, SEO, software registration, protection, new product development, product ideas, website feedback, product review etc.

Moreover, members of the ASP offer their products at discount price to other co-members. I take this benefit each year and save hundreds of dollars.

The Association of Shareware Professionals has renamed itself today to the Association of Software Professionals.

MailChimp – Email marketing service

When sending our email newsletters to our customers, we were always worried about our emails being marked as SPAM. And we didn’t know how to get away with it. We kept improving our email copy (subject, content, format etc), but still Gmail and others would treat it as SPAM.

For the launch of our product RecentX, we wanted to fix this for sure. Seeing the potential of this product, we want each of our customer to know about it. So we asked the geeks at Business Of Software forum. We were quite confident of getting a solution because all of us mISVs face this problem.

And yes, we got the answer – MailChimp


In our experience, this is a simply fantastic mass mailing service. We wanted to solved the SPAM problem. Period. And MailChimp did solve it. The emails which we sent from MailChimp was authenticated. So it did not get filtered by most of the anti-spam systems.

MailChimp website’s usability and looks are very impressive. They also have something called “Inbox Inspector” that sends the email to all major webmail services (gmail, hotmail etc) and verify whether it reaches their inbox and not the SPAM folder. Plus it shows how your email looks in each of those webmail services.

The campaign report shows all the required details. How many opened? how many clicked which link on your email?, supports Google Analytics etc.

MailChimp is free for 100 subscribers. I strongly suggest that you have a look at this service.


IconDock – Impressive Stock Icons

I am very much impressed with a stock icons vendor IconDock. They have limited but very nice icon set. What is special about them is that they sell individual icons too.

Their website is very well designed.

Here are some of their limitations (as of today):

  • They sell only 16×16, 32×32 and vector sets. It is developer’s responsibilities to use a vector image editing software such as Adobe Illustrator to edit their vector sets to any size they want. Not all developers (especially uISVs) own a license to Adobe Illustrator.
  • They do not design custom icons. If you don’t find all the required icons in their icon sets then you are stuck. You can get the additional icons done by them.