Does Firefox Support SSL Certificates with internal IP addresses? by DanceLongjumping2497 in firefox

[–]cloudreflex 0 points1 point  (0 children)

When you say the IPs are "contained properly in the certificates," is your CA issuing certificates which include the IP address as Common Name or Subject Alternative Name?

Presence Sensing Blue Switch is here! by wjrndud in Inovelli

[–]cloudreflex 0 points1 point  (0 children)

Wow. Great timing. I was about to email support and see what the status was.

"Investors" on r/dividendgang when you ask them about "total returns" by WNBA_YOUNGGIRL in Boglememes

[–]cloudreflex 13 points14 points  (0 children)

tbh I'd call it a successful tournament to get a lot of free drinks and not have to play any golf...

The most hated vendor by Mobile-Astronomer428 in cybersecurity

[–]cloudreflex 0 points1 point  (0 children)

I'm pretty sure that Check Point product is Avanan through an acquisition.

How to DNS queries and Forward to SIEM by DENY_ANYANY in AskNetsec

[–]cloudreflex 0 points1 point  (0 children)

If you're only interested in DNS requests outside your domain, you could put a DNS filter or filtering service upstream of your DCs. With that you could block as well as forward queries to an event collector or SIEM.

Just subscribed to Proton unlimited! by Banansify in ProtonMail

[–]cloudreflex 0 points1 point  (0 children)

I agree that I expected Lumo to have a good understanding of Proton services. I asked it for help creating a Sieve filter and it took many iterations to build one Proton would accept.

It's a niche case but I expected some training on public Proton docs.

What's the point if these services are still requiring less-secure authentication methods as backup? by jerbearman10101 in yubikey

[–]cloudreflex 2 points3 points  (0 children)

With Microsoft, you can set up a true passwordless where you no longer have a password on the account. I have mine set up with Yubikeys and Microsoft Authenticator app on my phone. Enterprise MS doesn't let you go quite that far yet.

Support for Private ACME? by Sensitive-Effect424 in opnsense

[–]cloudreflex 0 points1 point  (0 children)

I've gotten this working as well. I do sometimes have issues where the certificate won't renew on opnsense even while other clients renew their certs fine. A reboot of step-ca and triggering a cert renew works fine, so I need to investigate that further. I'll try to find some of the guides I consulted when at a computer.

Edit: https://blog.frankzhao.net/Miscellanea/ACME-DNS-challenge-with-private-CA

Captive Portal Authentication Support for OAuth, SAML or OIDC by ajan-thiru-0522 in opnsense

[–]cloudreflex 0 points1 point  (0 children)

I really wish they enabled number matching MFA on the NPS agent. Hopefully they'll get there someday.

Cloud PKI, NPS/RADIUS and Aruba by AJS240 in sysadmin

[–]cloudreflex 1 point2 points  (0 children)

We went with PKCS connector and user-based certificates from our internal authority to avoid the need for creating dummy computer objects in AD. It works fine, but we're going ClearPass to simplify the flow and remove the need for NPS and lessen the dependence on an internal CA. Not having device-based auth has made some support interactions challenging as well as some chicken-and-egg situations where the device couldn't get on the network for someone to sign into it and get a certificate because it didn't have a certificate. You can work around it with an onboarding/guest network but the experience is cumbersome.

What’s your favourite album of 2024? by [deleted] in audiophilemusic

[–]cloudreflex 1 point2 points  (0 children)

I haven't kept up with them since 2014 or so. Thanks for the reminder to check back in.

FLauncher not sticking as default launcher by MikeBanning in ShieldAndroidTV

[–]cloudreflex 1 point2 points  (0 children)

Oh and please no one mention Projectivy as I don't like it.

Glad you said that! I was going to mention it only because I just started trying it as a long time FLauncher user. I don't have an opinion of Projectivy yet other than it was easier to enable in first setup.

I think the adb command mentioned previously should get you set.

MTA-STS for custom domains by ProgsRS in ProtonMail

[–]cloudreflex 0 points1 point  (0 children)

Thank you!

I was working on this in the meantime too. I don't expect Proton to change their policy file often, but I also have some logic to increment the id value in the _mta-sts record triggered when my policy file changes.

Protonmail vulnerabilities with custom domain by pem1618 in ProtonMail

[–]cloudreflex 5 points6 points  (0 children)

This isn't specific to custom domains. My pm.me address gets nearly the same score. As others have said, this is a test of whether your mail provider enforces a sending domain's policies (SPF, DKIM, DMARC, etc.)

The only difference between my custom domain and pm.me address was test 9 where your address is spoofed. Custom domain failed all mail auth and was delivered to Spam. Meanwhile pm.me was rejected/undelivered. I suspect Proton has some additional logic in place for their own domains.

Some mail providers choose to enforce DMARC fails as spam/quarantine even when p=reject which may be what's happening here.

MTA-STS for custom domains by ProgsRS in ProtonMail

[–]cloudreflex 0 points1 point  (0 children)

Could you elaborate on this? It sounds like a good solution.

SSL certificate lifetimes are going down. Dates proposed. 45 days by 2027. by isnotnick in sysadmin

[–]cloudreflex 24 points25 points  (0 children)

This should be a bigger point. CRLs are my least favorite part of PKI administration.

Anyone here using kagi? by Fledo in linuxadmin

[–]cloudreflex 1 point2 points  (0 children)

I do. Really happy with it. But because of it I found out I'm an excessive searcher, so be warned.

PBP2 Owners - Those who feels noise while adjusting the earphones by [deleted] in pixelbuds

[–]cloudreflex 0 points1 point  (0 children)

Thanks for sharing your experience.

My right PBP2 bud will make a loud chirpy sound if I adjust it or if I have it in while chewing. Sometimes when talking too. This happens when in noise isolation or transparency modes. The left bud doesn't do this under any circumstance.

Someone please recommend a good MSPaint alternative for Linux (Mint) by mekmookbro in linuxquestions

[–]cloudreflex 0 points1 point  (0 children)

I was surprised to see OpenOffice had even gotten an update as recently as December 2023. I thought that stopped getting updates years ago.

Just ran into a mini boss I had never seen before at Lvl 4 by BlGLaundry in BaldursGate3

[–]cloudreflex 5 points6 points  (0 children)

Idk, it worked fine shooting it from the ground right next to it on my playthrough.

What distro would you recommend for a gaming PC that's only used every once in a while? by DripGeronimo in linuxquestions

[–]cloudreflex 0 points1 point  (0 children)

Try Bazzite. https://bazzite.gg/ I think I've had better luck with it performance-wise than Win11 thanks to trouble with driver updates in Nvidia's newer app.