Re: ssl certificate on archive.debian.net expired

On Thu, Mar 09, 2017 at 10:38:32AM +0100, Jorick Astrego wrote:
> On 03/09/2017 10:36 AM, Jorick Astrego wrote:
> > Just letting you know the ssl certificate on archive.debian.net "uses 
> > an invalid security certificate. The certificate expired on 02/19/2017 
> > 05:25 AM. The current time is 03/09/2017 10:32 AM. (Error code: 
> > sec_error_expired_certificate)"
> >
> > Most people will use archive.debian.org, but still it's not so nice to 
> > see such a warning.
> >
> Even worse, the ssl certificate on https://archive.debian.org is invalid 
> too.
> Common name is "gretchaninov.debian.org" and it appears self signed....

Thanks for the report. The contact for that host is debian-admin, who I
have CCed.

The gretchaninov certificate is signed by an internal "Debian SMTP CA"
which is probably not in your CA trust store (and is itself self signed).
So the certificate for the host itself is probably fine from a debian-admin

The issue is whether the archive.debian.org service is supposed to be
accessible over HTTPS and if so, its hosts need to be configured accordingly.

"archive.debian.org" would appear to be multi-hosted in some fashion; I got a
certificate warning for klecker.debian.org (neither klecker nor gretchaninov's
certificates seem to have subjectAltNames for archive.debian.org).

Jonathan Dowland
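
The three separate warnings discussed in this thread (expired certificate, certificate names that do not cover the requested host, issuer missing from the client's trust store), as an added example that is not part of the original messages. It runs over constructed certificate dicts in the shape Python's ssl.SSLSocket.getpeercert() returns; the helper names, the time zone, the gretchaninov expiry date and "Example Public CA" are assumptions.

```python
import ssl
from datetime import datetime, timezone

def cn(name):
    """Common name out of a getpeercert()-style subject or issuer tuple."""
    return next((v for rdn in name for k, v in rdn if k == "commonName"), None)

def names(cert):
    """DNS names to match: subjectAltName, else the subject CN (legacy fallback)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [n for n in [cn(cert["subject"])] if n]

def matches(pattern, host):
    """Exact match, or one wildcard as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def diagnose(cert, host, now, trusted_cas):
    """List the reasons a client would warn when reaching `host`."""
    problems = []
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now.timestamp():
        problems.append("expired")
    if not any(matches(n, host) for n in names(cert)):
        problems.append("hostname-mismatch")
    # Simplification: real clients verify the signature chain up to a trusted
    # root; here the issuer's common name is just looked up in a set.
    if cn(cert["issuer"]) not in trusted_cas:
        problems.append("untrusted-issuer")
    return problems

# Constructed sample data. Only the host names, the CA name and the expiry
# date come from the thread; the time zone, the other date and
# "Example Public CA" are made up.
NOW = datetime(2017, 3, 9, 10, 32, tzinfo=timezone.utc)
ARCHIVE_NET = {
    "subject": ((("commonName", "archive.debian.net"),),),
    "issuer": ((("commonName", "Example Public CA"),),),
    "notAfter": "Feb 19 05:25:00 2017 GMT",
    "subjectAltName": (("DNS", "archive.debian.net"),),
}
GRETCHANINOV = {
    "subject": ((("commonName", "gretchaninov.debian.org"),),),
    "issuer": ((("commonName", "Debian SMTP CA"),),),
    "notAfter": "Jan 01 00:00:00 2018 GMT",
}
BROWSER_STORE = {"Example Public CA"}

if __name__ == "__main__":
    print(diagnose(ARCHIVE_NET, "archive.debian.net", NOW, BROWSER_STORE))
    print(diagnose(GRETCHANINOV, "archive.debian.org", NOW, BROWSER_STORE))
```

With "Debian SMTP CA" in the trust set and the host's own name requested, the same gretchaninov certificate produces no findings, which separates a client-side trust and naming problem from a defect in the certificate itself.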
