[clug] lists.samba.org certificate

Kim Holburn kim at holburn.net
Tue May 19 16:53:50 GMT 2009 

It is up-to-date (just a month to go though) it just a certificate  
signed by a cert not trusted by your browser.  Nothing really wrong  
with these.  Some would say they are just as trustworthy as the things  
signed by the root certs in your browser.  You could always email the  
address in the cert (ca at samba.org) and see if anyone replied.

I suppose they could use a ca-cert.org certificate and support open  
source certs (hint, hint!).  I know some of the samba guys used to be  
cacert assurers.

Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 2 (0x2)
         Signature Algorithm: sha1WithRSAEncryption
         Issuer: C=US, ST=California, L=San Jose, O=Samba, CN=Samba  
Root CA/emailAddress=ca at samba.org
         Validity
             Not Before: Jun 11 12:54:02 2007 GMT
             Not After : Jun 10 12:54:02 2009 GMT
         Subject: C=US, ST=AL, O=Samba Dot Org, CN=lists.samba.org/emailAddress=ca at samba.org

Firefox is very over the top in its warnings about certs.


On 2009/May/19, at 4:47 PM, Peter Anderson wrote:

> Paul,
>
> I am using a PC running Windows XP SP-3. I have two browsers  
> installed:
>
>  1. Firefox 3.0.10 (my default browser) and it gives the errors I
>     posted before.
>  2. Internet Explorer 8 and it initially gave me a warning message
>     about a faulty or incorrect certificate, I chose to ignore the
>     warning and it took me to the correct pages.
>
> I also have a laptop running Ubuntu 9.01 and it uses Firefox 3.0.10  
> and has the same problem as Firefox on the Windows PC. The exact  
> error page is:
>
> Secure Connection Failed
>
> lists.samba.org uses an invalid security certificate. The  
> certificate is not trusted because the issuer certificate is  
> unknown. (Error code: sec_error_unknown_issuer)
>
> * This could be a problem with the server's configuration, or it  
> could be someone trying to impersonate the server.
> * If you have connected to this server successfully in the past, the  
> error may be temporary, and you can try again later.
>
> Or you can add an exception…
>
> You should not add an exception if you are using an internet  
> connection that you do not trust completely or if you are not used  
> to seeing a warning for this server.
>
> Adding an exception cures the problem. Perhaps it might be best if  
> the webmaster removes the security certificate or gets one that's up- 
> to-date.
>
> Regards,
> Peter
> -- 
> *Peter Anderson*
> There is nothing more difficult to take in hand, more perilous to  
> conduct, or more uncertain in its success, than to take the lead in  
> the introduction of a new order of things—Niccolo Machiavelli, /The  
> Prince/, ch. 6
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

-- 
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3494957443
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

More information about the linux mailing list