Educause Security Discussion mailing list archives
Re: Problems with New Thawte Certificate Management Web Site?
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Tue, 24 Nov 2009 20:28:04 +1300
On 24/11/2009, at 12:07 PM, Elmes, Will wrote:
Could someone explain the IPSCA certs having a problem starting 12-31? We have a bunch of ISPSCA ones and this definitely has me concerned. I usually am able to crawl my way through deploying SSL certs but definitely do not understand all of it and could use an explanation. Thanks!
The only hard evidence I have found is here: https://bugzilla.mozilla.org/show_bug.cgi?id=523652 You can examine the certs in your browser and see the expiry dates there... The guts seems to be that there are a bunch of technical issues over the last months. *Some* of which have been sorted out if the link above is to be believed. The big one for us folk is that IPSCA have been signing our Certs with a key for which the Cert expires on the 29th Dec. Standard practice is that you must not issue certs with a validity period longer than that of the signing key. According to the above corespondence IPSCA thought they has a way around this and could thus get more milage from their key. They now appear to have admitted that this 'ingenious scheme' won't work so I am left assuming that the magic evaporates on the 29th and the certs become useless strings of bits. If anyone knows different then I'd be delighted to be corrected. I started renewing our IPSCA certs (~70 of them) today. Russell
Current thread:
- Problems with New Thawte Certificate Management Web Site? Gary Flynn (Nov 20)
- <Possible follow-ups>
- Re: Problems with New Thawte Certificate Management Web Site? Plesco, Todd (Nov 20)
- Re: Problems with New Thawte Certificate Management Web Site? Andy Scott (Nov 20)
- Re: Problems with New Thawte Certificate Management Web Site? Russell Fulton (Nov 23)
- Re: Problems with New Thawte Certificate Management Web Site? Elmes, Will (Nov 23)
- Re: Problems with New Thawte Certificate Management Web Site? Russell Fulton (Nov 23)