Re: Certificate
- To: mutt-users@xxxxxxxx
- Subject: Re: Certificate
- From: Kyle Wheeler <kyle-mutt@xxxxxxxxxxxxxx>
- Date: Wed, 21 Jan 2009 08:54:28 -0600
- In-reply-to: <4976CCBC.80505@xxxxxxxxx>
- List-post: <mailto:mutt-users@mutt.org>
- List-unsubscribe: send mail to majordomo@mutt.org, body only "unsubscribe mutt-users"
- Mail-followup-to: mutt-users@xxxxxxxx
- Openpgp: id=CA8E235E; url=http://www.memoryhole.net/~kyle/kyle-pgp.asc; preference=signencrypt
- References: <4976CCBC.80505@xxxxxxxxx>
- Sender: owner-mutt-users@xxxxxxxx
- User-agent: Mutt/1.5.19 (2009-01-11)

On Wednesday, January 21 at 09:20 AM, quoth Tolga:
> When I connect to one remote server, I am told that my certificate
> expired and get "(r)eject, accept (o)nce". When I connect to another
> one, I don't get it. What is this and what to do about it?

It's not *your* certificate that's expired, it's *their* certificate.
Whenever you connect to a server and encrypt that connection (i.e.
with SSL), the server must have an encryption certificate to use for
encrypting the connection (I'm being very broad here, but for the
purposes of this discussion, this is relatively accurate). These
certificates are generally only good for a certain amount of time (for
several very good reasons), and so have an expiration date embedded in
them. When you connect to a server, the server sends you information
about its certificate that includes the expiration date. So what's
happening is that one of the servers you connect to is using an
expired certificate. Now, generally, that's bad: expired certificates
*can* be a sign that someone has brute-forced the certificate and is
performing a man-in-the-middle attack against you. Or it can also be a
sign of a system administrator that's asleep at the wheel. Either way,
it's something that needs to be fixed.

Unfortunately, there's very little YOU can do to fix it, other than
complain loudly to the people in charge of that particular server.

~Kyle
--
If I had been married earlier in life, I wouldn't have seen the double
helix. I would have been taking care of the kids on Saturday. On the
other hand, I was lonely a lot of the time.
-- James Watson
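
Added example (not part of the message above and not mutt's own code): the validity-window check a TLS client applies to the dates the server sends, written against the dict shape returned by Python's ssl.SSLSocket.getpeercert(). The function names, host names and sample certificates are hypothetical and constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

X509_V_ERR_CERT_HAS_EXPIRED = 10  # OpenSSL verify code for an expired certificate

def _when(field):
    """Parse an OpenSSL date such as 'Jan 14 23:59:59 2009 GMT' as UTC."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(field), tz=timezone.utc)

def validity_status(cert, now, warn_days=14):
    """Classify a getpeercert()-style dict against the clock `now` (aware UTC)."""
    not_before, not_after = _when(cert["notBefore"]), _when(cert["notAfter"])
    if now < not_before:
        return ("not-yet-valid", (not_before - now).days)
    if now > not_after:
        return ("expired", (now - not_after).days)
    remaining = (not_after - now).days
    return ("expiring-soon" if remaining <= warn_days else "valid", remaining)

def probe(host, port=993, timeout=10):
    """Verified handshake to a direct-TLS port (993 = IMAPS); not called in this file."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return validity_status(tls.getpeercert(), datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as exc:
        # An expired server certificate fails verification, so no dict is returned.
        if exc.verify_code == X509_V_ERR_CERT_HAS_EXPIRED:
            return ("expired", None)
        return ("untrusted", exc.verify_message)

# Constructed sample data (hypothetical hosts, not taken from any real server).
NOW = datetime(2009, 1, 21, 14, 54, 28, tzinfo=timezone.utc)
SAMPLES = {
    "imap-a.example.test": {"notBefore": "Jan 15 00:00:00 2008 GMT",
                            "notAfter": "Jan 14 23:59:59 2009 GMT"},
    "imap-b.example.test": {"notBefore": "Jun 01 00:00:00 2008 GMT",
                            "notAfter": "Jun 01 00:00:00 2009 GMT"},
    "imap-c.example.test": {"notBefore": "Jan 30 00:00:00 2008 GMT",
                            "notAfter": "Jan 30 00:00:00 2009 GMT"},
}

def report(samples=SAMPLES, now=NOW):
    """Return {host: (status, days)} for every sample certificate."""
    return {name: validity_status(cert, now) for name, cert in samples.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

The first sample corresponds to the server that triggers the prompt; the second to the server that connects without one.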