[Metalab] SSL-Zertifikat

Michael Kafka m.kafka at aon.at
Sun Jun 28 23:35:07 CEST 2009


The Main Problem seems to be:

metalab.at:443 uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The certificate expired on 20.04.2009 20:03.

(Error code: sec_error_unknown_issuer)

But if anyone should generate/request a new certificate please use SHA-1

greets

MiKa

PS: the DNS option doesn't weaken or strengthen the security of certificates
it's only about how to verify the root certificate (fingerprint). DNS is one
of the registered and standardized "operational protocols" of PKI and as secure
or insecure as any of the others. That's the idea of PKI: don't rely on
underlying transport mechanisms but get the verification of root certificates
right.

Benedikt Gollatz wrote:
> Da ich keine Ahnung habe, wer das fixen kann, hierher:
> 
> Die wunderbare Firefox-Extension "SSL Blacklist" (warnt vor schwachen Debian-
> OpenSSL-Keys und mit MD5 signierten Zertifikaten) [1], beschwert sich für 
> https://metalab.at/ über einen ebensolchen Debian-Key.
> 
> Vielleicht mag sich jemand drum kümmern.
> 
> Benedikt
> 
> [1] Ich weiß, verwendet DNS, bringt keine wirkliche Sicherheit...
> 
> _______________________________________________
> Metalab mailing list
> Metalab at lists.metalab.at
> http://lists.metalab.at/mailman/listinfo/metalab
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: m_kafka.vcf
Type: text/x-vcard
Size: 324 bytes
Desc: not available
URL: <http://lists.metalab.at/pipermail/metalab/attachments/20090628/26269725/attachment.vcf>


More information about the Metalab mailing list