<<< Date Index >>>     <<< Thread Index >>>

Re: Certificate



Kyle Wheeler yazmış:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday, January 21 at 09:20 AM, quoth Tolga:
When I connect to one remote server, I am told that my certificate expired and get "(r)eject, accept (o)nce". When I connect to another one, I don't get it. What is this and what to do about it?

It's not *your* certificate that's expired, it's *their* certificate.

Whenever you connect to a server and encrypt that connection (i.e. with SSL), the server must have an encryption certificate to use for encrypting the connection (I'm being very broad here, but for the purposes of this discussion, this is relatively accurate). These certificates are generally only good for a certain amount of time (for several very good reasons), and so have an expiration date embedded in them. When you connect to a server, the server sends you information about its certificate that includes the expiration date. So what's happening is that one of the servers you connect to is using an expired certificate. Now, generally, that's bad: expired certificates *can* be a sign that someone has brute-forced the certificate and is performing a man-in-the-middle attack against you. Or it can also be a sign of a system administrator that's asleep at the wheel. Either way, it's something that needs to be fixed.

Unfortunately, there's very little YOU can do to fix it, other than complain loudly to the people in charge of that particular server.
The one I get the (r)eject, accept (o) message with is one I own. So, how can I generate such a certificate?

Regards,
~mto
~Kyle
- -- If I had been married earlier in life, I wouldn't have seen the double helix. I would have been taking care of the kids on Saturday. On the other hand, I was lonely a lot of the time.
                                                        -- James Watson
-----BEGIN PGP SIGNATURE-----
Comment: Thank you for using encryption!

iEYEARECAAYFAkl3NyQACgkQBkIOoMqOI16nTgCgs4ZZAcbJ1zPQbqSL1SNoBM38
j44AoMuMAfBqcKg6Yn5zLLa9oa0sq7yT
=UHYW
-----END PGP SIGNATURE-----