Website SSL certificate dead
Shadow Hawkins on Thursday, 26 July 2012 14:32:49
it wasnt digitally signed, so it cant be proved to be SSL, and when using ipv6 ssl, its basically connecting to a website full of malware, then connecting to the website you want to connect to
malware----------ipv6 website
|
|
|
|
|
|
ur POP-------------------you
Website SSL certificate dead
Jeroen Massar on Thursday, 26 July 2012 14:52:59
You are not providing a lot of details, for instance what website are you talking about? And what site is "full of malware"?
Website SSL certificate dead
Shadow Hawkins on Wednesday, 26 September 2012 23:47:49
I believe this is about the sixxs.net ssl cert. It's signed by CACert and the CACert root certificate may not be included in every browser out there. Installing the root cert and the intermediate cert solves the problem.
Interestingly Google Chrome claims that the sixxs.net cert is signed by a weak signature algorithm but it's definitely not unless SHA-1 with RSA is considered weak now. Other browsers accept the sixxs.net cert just fine if the root certs are installed.
Website SSL certificate dead
Shadow Hawkins on Wednesday, 26 September 2012 23:56:11
It turns out that the intermediate cert for "CAcert Class 3 Root" is signed with MD5 and Google Chrome considers that a weak signature algorithm...
Website SSL certificate dead
Jeroen Massar on Thursday, 27 September 2012 07:47:21
My Chrome (nightly build) accepts it just fine without any complaints.
And if I click on the green padlock icon, click on the connection tab, then on the "Certificate Information" I see:
CA Cert Signing Authority
Serial: 0
Version: 3
Signature Algorithm: MD5 with RSA Encryption
SHA1: 13 5C EC 36 F4 9C B8 E9 3B 1A B2 70 CD 80 88 46 76 CE 8F 33
Which is the same as CACert distributes
and which is also shown in the CACert's StateOverview that this is still MD5.
CAcert Class 3 Root
Serial: 672138
Version 3
Signature Algorithm: SHA-256 with RSA Encryption
SHA1: AD 7C 3F 64 FC 44 39 FE F4 E9 0B E8 F4 7C 6C FA 8A AD FD CE
Which is the same as CACert distributes
Note that you need to re-download it if you had it before the change, check the serial and fingerprint for comparison.
www.sixxs.net
Serial: 60129
Version: 3
Signature Algorithm: SHA-1 with RSA Encryption
SHA1: 17 1C 98 23 DB 71 ED 84 CF 72 2C 31 FB 56 36 E9 1A F1 38 42
See also this news article when we last updated the certificates.
Website SSL certificate dead
Shadow Hawkins on Thursday, 27 September 2012 10:56:03
Updating the certificates fixed the problem, thanks!
Posting is only allowed when you are logged in. |