Subject: CAcert Code Development list.
List archive
- From: Benny Baumann <benbe AT cacert.org>
- To: Ales Kastner <alkas AT volny.cz>, cacert-support AT lists.cacert.org
- Cc: Developers CAcert <cacert-devel AT lists.cacert.org>
- Subject: Re: Discrepances on the test server
- Date: Tue, 16 Feb 2016 14:45:09 +0100
Hi Ales,
Am 16.02.2016 um 14:26 schrieb Ales Kastner:
> Hello Support,
>
> there are some confusing behaviours on the cacert1.it-sls.de, roots page:
>
> All roots' fingerprints published belong to CAcert roots, not to
> testserver roots. No check possible.
> There are 2 (two) different root (class 1) certs? One with the
> fingerprint
> starting 2d3a31... (serial 0f), and the other with the fingerprint starting
> 5b26e7... (serial 00). Or is the former the new one?
The certificate with serial 0f is the one, that has been re-signed. Due
to some incompatibilities found since the FrOSCon run an updated version
compared to the resulting file from back then is currently installed.
> The link "Root Certificate (CER Format base64 encoded)" does not work
> (page not found).
> The link "Intermediate Certificate (CER Format base64 encoded)" points
> to
> the class3.der file. not a CER file.
Will have a look at this on the test server.
>
> Please tell me whether are you aware of that?
First one: Yes; second one: Will have a look.
> Best Regards,
> Aleš Kastner
>
Kind regards,
BenBE.
NB: Note that you shouldn't (RFC2119: MUST NOT) trust the Test Server
roots anyway as EVERYBODY has access to /EVERYTHINNG/ on that server and
could possibly issue certificates for /EVERY/ domain. This is by design
of the test server. The trust level of the test server root
approximately equals that of your average con man.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- Re: Discrepances on the test server, Benny Baumann, 02/16/2016
- Re: Discrepances on the test server, Benny Baumann, 02/17/2016
Archive powered by MHonArc 2.6.18.