[CentOS] projects.centos.org - certificate has expired

Giles Coochey giles at coochey.net
Tue Aug 21 15:12:16 UTC 2012


On 21/08/2012 15:47, Greg Bailey wrote:
> On 8/21/2012 7:39 AM, John Doe wrote:
>> From: Rainer Duffner <rainer at ultra-secure.de>
>>
>>> Just FYI
>>> I guess, you could also run your own CA and sign stuff yourself.
>>> After all, your RPMs are also self-signed ;-)
>> But that means the browsers will complain until each user permanently adds
>>
>> this untrusted certificate manually... which might be no big deal if only a
>>
>> few ttech savy people are using this sub-domain...
>>
>> If CentOS is "rich", a wildcard certificate costs around $120/year,
>>
>> maybe cheaper...
>>
> Or $0/year at startssl.com...
>
> -Greg
>
>
I use startssl.com - and generally it is fine... I have however had a 
problem.
Someone recently sent an email in my name (but not from my email 
address) asking for my certificate to be revoked to the startssl 
certmaster. The startssl certmaster went ahead and revoked my 
certificate, this caused me a fair amount of pain, and obviously there 
is little cross-verification done against this type of 
social-engineering attack.
I have been told that it is unlikely to happen again (because my account 
now has red flags all over it), but if you use certificates for anything 
serious you might want to use an organisation that has enough funding to 
perform some cross-verification against such attacks..

-- 
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles at coochey.net




More information about the CentOS mailing list