cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

List archive

Re: ocsp server certs expired

From: Michael Tänzer <michael.taenzer AT cacert.org>
To: Wytze van der Raay <wytze AT cacert.org>, Benny Baumann <benbe AT cacert.org>
Cc: "critical-admin AT cacert.org" <critical-admin AT cacert.org>, Sysadmins CAcert <cacert-sysadm AT lists.cacert.org>
Subject: Re: ocsp server certs expired
Date: Sun, 23 Aug 2015 16:52:28 +0200
Openpgp: id=E53B124B

Hi Wytze,

On 23.08.2015 06:49, Wytze van der Raay wrote:
> Just when about ready to leave for Froscon I have to discover that the
> OCSP server certificates (class1: Serial Number: 897984 (0xdb3c0),
> class3: Serial Number: 133348 (0x208e4)) have expired :-(

> Why aren't we notified about this in time? I am under the impression
> that you, as issuer of these org certificates, are notified by the
> system about upcoming expirations. Some action on this would be nice.

No, unlike private certificates, we are not notified about expiring org
certificates. So we weren't aware of that deadline too. When I was more
active I had a few events in my personal calendar when certificates were
about to expire, that's why I could give you an advance warning. I would
recommend that all administrators also keep track of the validity
periods of their certs, better to be safe than sorry.

> Now it is too late to do anything about it for today I guess.
> Please send us renewed certificates at the earliest possible moment.

Attached.

--
Cheers,
Michael Tänzer

Attachment: ocsp_class1.pem
Description: application/x509-ca-cert

Attachment: ocsp_class3.pem
Description: application/x509-ca-cert

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Re: ocsp server certs expired, Michael Tänzer, 08/23/2015