| From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
|---|---|
| To: | TJ <spi-inc(at)iam(dot)tj>, spi-general(at)lists(dot)spi-inc(dot)org |
| Subject: | Re: www.spi-inc.org uses an invalid security certificate |
| Date: | 2014-02-27 16:03:17 |
| Message-ID: | 530F61C5.9030107@commandprompt.com |
| Views: | Raw Message | Whole Thread | Download mbox |
| Thread: | |
| Lists: | spi-general |
On 02/26/2014 11:43 PM, TJ wrote:
>
> Early I accessed a secure Debian server [1] that presented a X509 certificate issued by an untrusted CA that turned out to be spi-inc.
>
> Visiting spi-inc.org [2] I hit another issue with an invalid certificate being presented causing Firefox to warn "The certificate is not valid for any server names" (as well as certificate not
> trusted). The certificate's Common Name is "members.spi-inc.org" and there are no Subject Alt Name hosts.
>
> How can we have trust in the CA when the CA itself cannot correctly manage its own certificates?
I would argue that you can't trust a CA, period. That said yes, we
should have proper certificates.
JD
--
Command Prompt, Inc. - http://www.commandprompt.com/ 509-416-6579
PostgreSQL Support, Training, Professional Services and Development
High Availability, Oracle Conversion, Postgres-XC, @cmdpromptinc
For my dreams of your image that blossoms
a rose in the deeps of my heart. - W.B. Yeats
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bill Allombert | 2014-02-27 16:31:35 | Re: www.spi-inc.org uses an invalid security certificate |
| Previous Message | TJ | 2014-02-27 07:43:32 | www.spi-inc.org uses an invalid security certificate |