CAcert System Admins discussion list

[Daniel Black <daniel AT cacert.org>]

On Tuesday 28 April 2009 19:37:16 Wytze van der Raay wrote:
> CAcert Support (Alejandro M.) schreef:
> > ...
> > as the user noticed the certificate in ocsp.cacert.org is expired,
> > BUT... who can issue the cacert.org certificates? "support" can't.
> > who "owns" the domain?
>
> We need to collect all the information about cacert.org's internal
> certificates in one place. I'd like to setup a wiki page containing
> the following information for each certificate:
>
>       domain name
>       owner
>       alternative names on the certificate
>       current expiration date
>       where are key and cert kept
>       any other relevant info
>
sounds good

> We need this for (at least):
>
>       email.cacert.org *
>       lists.cacert.org *
>       bugs.cacert.org
>       irc.cacert.org
>       blog.cacert.org
>       wiki.cacert.org
>       crl.cacert.org
>       ocsp.cacert.org
>       svn.cacert.org
>       community.cacert.org *
>       hashserver.cacert.org
>       translingo.cacert.org
>       cats.cacert.org
>       audit.cacert.org
>       www.cacert.org
>
+secure.cacert.org

> Who can supply information for this?
>
I can do the *'d ones above. I'll fill it out when I see a page created.

> In general I would expect the certificate owner to be responsible for
> timely renewal and re-installation of the certificate, but an alternative
> check seems useful.

Does CAcert send out reminder emails for everyone when certs are about to 
expire? Is this granular enough to support multiple certificate owners within 
a 
domain? If it becomes a problem for us to maintain dispersed certificates, 
I'm 
sure others do too. Lets get this as a function of BirdShack[1]. Or maybe a 
XMLrpc function to autoreplace expired certificates :-) (i'll fully read the 
development plan first).

[1] https://lists.cacert.org/wws/arc/cacert-devel/2009-04/msg00018.html

Daniel Black
--
Email/List Administrator
CAcert