[net-dns-users] SSL cert on www.net-dns.org
Doug Barton
dougb at dougbarton.us
Sun Jan 13 19:51:10 UTC 2013
On 01/13/2013 03:56 AM, Willem Toorop wrote:
> Hi Doug,
>
> Op 13-01-13 04:30, Doug Barton schreef:
>> Do y'all have anything to do with that site? It gives all kinds of
>> warnings in Firefox, like the use of an insecure signature algorithm,
>> and the fact that the cert is for *.nlnetlabs.nl.
>
> It also has *.net-dns.org in the "X509v3 Subject Alternative Name" part
> of the certificate.
>
> When you have CAcert.org's root certificate in your CA repository, it
> validates. At least Debian and Ubuntu have it in the ca-certificates
> package.
I use Ubuntu for my desktop. With Firefox (which doesn't have the cacert
root) it gives a warning. With Chromium it doesn't give a warning, but
the page renders differently using https:// than when you don't.
Check out the URL below for more info.
https://sslcheck.globalsign.com/en_GB/sslcheck?host=www.net-dns.org#213.154.224.135
> Also TLSA records confirming the certificate are present in the
> net-dns.org zone (which is itself dnssec signed):
Awesome, and irrelevant for 99.999% of Internet users. :)
Doug
More information about the net-dns-users
mailing list