Re: Certificate



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday, January 21 at 09:20 AM, quoth Tolga:
> When I connect to one remote server, I am told that my certificate 
> expired and get "(r)eject, accept (o)nce". When I connect to another 
> one, I don't get it. What is this and what to do about it?

It's not *your* certificate that's expired, it's *their* certificate.

Whenever you connect to a server and encrypt that connection (i.e. 
with SSL), the server must have an encryption certificate to use for 
encrypting the connection (I'm being very broad here, but for the 
purposes of this discussion, this is relatively accurate). These 
certificates are generally only good for a certain amount of time (for  
several very good reasons), and so have an expiration date embedded in 
them. When you connect to a server, the server sends you information 
about its certificate that includes the expiration date. So what's 
happening is that one of the servers you connect to is using an 
expired certificate. Now, generally, that's bad: expired certificates 
*can* be a sign that someone has brute-forced the certificate and is 
performing a man-in-the-middle attack against you. Or it can also be a 
sign of a system administrator that's asleep at the wheel. Either way, 
it's something that needs to be fixed.

Unfortunately, there's very little YOU can do to fix it, other than 
complain loudly to the people in charge of that particular server.

~Kyle
- -- 
If I had been married earlier in life, I wouldn't have seen the double 
helix. I would have been taking care of the kids on Saturday. On the 
other hand, I was lonely a lot of the time.
                                                        -- James Watson
-----BEGIN PGP SIGNATURE-----
Comment: Thank you for using encryption!

iEYEARECAAYFAkl3NyQACgkQBkIOoMqOI16nTgCgs4ZZAcbJ1zPQbqSL1SNoBM38
j44AoMuMAfBqcKg6Yn5zLLa9oa0sq7yT
=UHYW
-----END PGP SIGNATURE-----
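
The validity check described in the reply above, as an added example that is not part of the original message: it classifies certificates by the `notBefore`/`notAfter` dates they carry. The host names, dates and the `validity_status` helper are constructed for illustration; the dictionaries mimic the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample data: validity fields in the format getpeercert() uses.
SAMPLE_CERTS = {
    "mail-a.example.test": {"notBefore": "Jan 01 00:00:00 2008 GMT",
                            "notAfter": "Dec 31 23:59:59 2008 GMT"},
    "mail-b.example.test": {"notBefore": "Jun 01 00:00:00 2008 GMT",
                            "notAfter": "Jun 01 00:00:00 2010 GMT"},
    "mail-c.example.test": {"notBefore": "Feb 10 00:00:00 2008 GMT",
                            "notAfter": "Feb 10 00:00:00 2009 GMT"},
    "mail-d.example.test": {"notBefore": "Mar 01 00:00:00 2009 GMT",
                            "notAfter": "Mar 01 00:00:00 2010 GMT"},
}

# Constructed "current time" so the result is reproducible.
SAMPLE_NOW = datetime(2009, 1, 21, 9, 20, tzinfo=timezone.utc)


def validity_status(peer_cert, now, warn_days=30):
    """Compare `now` with the validity window embedded in the certificate."""
    not_before = ssl.cert_time_to_seconds(peer_cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(peer_cert["notAfter"])
    t = now.timestamp()
    if t < not_before:
        return "not-yet-valid"   # often a wrong clock on the client
    if t > not_after:
        return "expired"         # the case that triggers the client prompt
    if not_after - t < warn_days * 86400:
        return "expiring-soon"   # still valid; time for the admin to renew
    return "valid"


def report(certs=SAMPLE_CERTS, now=SAMPLE_NOW):
    """Return {host: status} for every certificate in `certs`."""
    return {host: validity_status(cert, now) for host, cert in certs.items()}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:22} {status}")
```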