On Wednesday, January 21 at 09:20 AM, quoth Tolga:
> When I connect to one remote server, I am told that my certificate
> expired and get "(r)eject, accept (o)nce". When I connect to another
> one, I don't get it. What is this and what to do about it?

It's not *your* certificate that's expired, it's *their* certificate.
Whenever you connect to a server and encrypt that connection (i.e.
with SSL), the server must have an encryption certificate to use for
encrypting the connection (I'm being very broad here, but for the
purposes of this discussion, this is relatively accurate). These
certificates are generally only good for a certain amount of time (for
several very good reasons), and so have an expiration date embedded in
them. When you connect to a server, the server sends you information
about its certificate that includes the expiration date. So what's
happening is that one of the servers you connect to is using an
expired certificate. Now, generally, that's bad: expired certificates
*can* be a sign that someone has brute-forced the certificate and is
performing a man-in-the-middle attack against you. Or it can also be a
sign of a system administrator that's asleep at the wheel. Either way,
it's something that needs to be fixed.

Unfortunately, there's very little YOU can do to fix it, other than
complain loudly to the people in charge of that particular server.