CAcert Code Development list.

[Benny Baumann <benbe AT cacert.org>]

Dear Infrastructure List, Dear Developer List,

Sorry for the cross-posting infra+devel. I'll try to keep it short:

as the old certificate for bugs.cacert.org would have expired in about
one month anyway - AS DO MOST OTHER SERVICE'S CERTIFICATES!!! - please
be aware that the certificate on bugs.cacert.org has been renewed.

This switch includes the following changes:
- The Certificate is now issued under the CAcert Class 3 intermediate
certificate
- The server at bugs.cacert.org is now configured to send the RE-SIGNED
class3 certificate (serial 0E) for its chain.

While the first change has been up for quite some time now (we should
switch ALL our services' domain certificates to class3) the second one
is to allow for testing of the re-signed roots (cf. bug 1305).


@Developers:
Please check that access to the bug tracker at https://bugs.cacert.org
still works as usual with all combinations of installed
roots/intermediates as appropriate.

Please in particular test with exotic devices and configurations. In
particular: Apple, WinXP ATM, your favourite no-name Linux distribution, ...

Only pre-condition: At least the old or new Class 1 must be installed
AND trusted.

Please reply with feedback to cacert-devel AT l.c.o ONLY.


@Infrastructure:
Please review your configurations and prepare a CSR for signing a new
certificate as necessary.

CSRs should have:
- Public Key: RSA 4096 bit or larger
- Preferably new key material (please don't reuse old keys)
- A CN for the primary service subdomain
- All necessary SANs of the service

When installing the new certificate preferably chain using the re-signed
class 3 certificate. Please announce systems using the re-signed class 3
intermediate (e.g. by dropping me a note).

Kind regards,
Benny Baumann
CAcert Software Assessment

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature