[net-dns-users] SSL cert on www.net-dns.org

Doug Barton dougb at dougbarton.us
Sun Jan 13 19:51:10 UTC 2013

On 01/13/2013 03:56 AM, Willem Toorop wrote:
> Hi Doug,
> Op 13-01-13 04:30, Doug Barton schreef:
>> Do y'all have anything to do with that site? It gives all kinds of
>> warnings in Firefox, like the use of an insecure signature algorithm,
>> and the fact that the cert is for *.nlnetlabs.nl.
> It also has *.net-dns.org in the "X509v3 Subject Alternative Name" part
> of the certificate.
> When you have CAcert.org's root certificate in your CA repository, it
> validates. At least Debian and Ubuntu have it in the ca-certificates
> package.

I use Ubuntu for my desktop. With Firefox (which doesn't have the cacert 
root) it gives a warning. With Chromium it doesn't give a warning, but 
the page renders differently using https:// than when you don't.

Check out the URL below for more info.


> Also TLSA records confirming the certificate are present in the
> net-dns.org zone (which is itself dnssec signed):

Awesome, and irrelevant for 99.999% of Internet users. :)


More information about the net-dns-users mailing list