Re: Updating SSL keys on

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hash: SHA1

On 02/09/2011 01:13 PM, Tim wrote:
> On Tue, 2011-02-08 at 13:27 -0700, Stephen Smoogen wrote:
>> Various SSL keys are aging out so we will be updating them before anyone
>> gets a <This CERT is not valid.> page.
>> The first server to be updated will be
>> The old certificate came from Equifax, was a 1024 bit key and had the
>> fingerprint:
>> SHA1 Fingerprint=CC:64:67:BE:90:50:79:ED:23:E8:C1:18:02:AB:AC:83:88:FC:6C:D8
>> The new certificate is issued by GeoTrust, Inc and is a 4096 bit key
>> with the fingerprint:
>> SHA1 Fingerprint=D1:54:82:77:77:F9:11:DF:E0:B1:14:37:B9:36:E2:09:20:B6:54:1D
>> Please report any problems with these certificates to
>> [email protected]
>> Stephen Smoogen
>> * interim Infrastructure Chief Coffee Officer
> Hmm, this email should have included a link to verify what it says
> through a SSL secured page, on the current certificates.
> Anybody could post a "the new keys are this" message through email as a
> hoodwinking exercise, since an email (like that) is hard to properly
> verify, in itself (thanks to the nature of how PGP keys are managed in
> mail - the honour system).
> i.e. gpg: WARNING: This key is not certified with a trusted signature!
>      gpg:          There is no indication that the signature belongs to the owner.
> At least website certificates ought to have more vetting behind them.
> That was a security-based announcement that's somewhat lacking in
> security mindedness.

Not really. It would be one thing if it was a private certificate, but
these are signed off by well-known and trusted certificate authorities.
So this is really just a heads-up that a change is coming (and a notice
that the key size has been increased to 4k). Including the fingerprint
isn't necessary for security (unless you've removed GeoTrust manually
from your list of trusted authorities).

- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -

users mailing list
[email protected]
To unsubscribe or change subscription options:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux