On 10/10/14 20:51, Charles Polisher wrote:
> Not to keep beating a dead horse, but here's a related thing
> that puzzles me. I wonder if anyone else gets a different
> result. I've got 2 very different certs claiming to be the
> Google Internet Authority G2. Same subject, same auth key ID,
> same subject key id, same public key. Different certs. Huh?
>
> I'm sure if there's a simple explanation someone here
> knows it.

pki.google.com:
    Serial Number: 146038 (0x23a76)
    X509v3 CRL Distribution Points:
        URI:http://g.symcb.com/crls/gtglobal.crl
    Authority Information Access:
        OCSP - URI:http://g.symcd.com
    Validity
        Not Before: Apr 5 15:15:55 2013 GMT
        Not After : Apr 4 15:15:55 2015 GMT

drive.google.com:
    Serial Number: 146025 (0x23a69)
    X509v3 CRL Distribution Points:
        URI:http://crl.geotrust.com/crls/gtglobal.crl
    Authority Information Access:
        OCSP - URI:http://gtglobal-ocsp.geotrust.com
    Validity
        Not Before: Apr 5 15:15:55 2013 GMT
        Not After : Dec 31 23:59:59 2016 GMT

Looks like the issuer of the original G2 cert (GeoTrust) has been
bought by Symantec. Also looks like Symantec limits to a 2 year life
span. (GeoTrust was 3 year cert.)

BTW, both drive.google.com and pki.google.com have the same G2 cert
now. (the Symantec version)

In the future, you can run the following command and see if the old
G2 cert (serial 23A69) is added to the old GeoTrust Certificate
Revocation List (CRL).

$ curl -s http://crl.geotrust.com/crls/gtglobal.crl | openssl crl -inform DER -text -noout
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
        Last Update: Oct 11 06:43:00 2014 GMT
        Next Update: Oct 21 06:43:00 2014 GMT
Revoked Certificates:
    Serial Number: 0234BA
        Revocation Date: Oct 11 14:19:52 2003 GMT
    Serial Number: 0235F8
        Revocation Date: Aug 9 14:05:49 2006 GMT
    Serial Number: 02345D
        Revocation Date: May 22 08:08:43 2002 GMT
    Serial Number: 02345C
        Revocation Date: May 22 08:09:00 2002 GMT
    Serial Number: 023559
        Revocation Date: Jul 22 12:59:26 2005 GMT
    Serial Number: 02366B
        Revocation Date: Jul 11 05:50:50 2007 GMT
    Serial Number: 02345A
        Revocation Date: May 21 13:48:04 2002 GMT
    Signature Algorithm: sha1WithRSAEncryption

-- 
Mr. Flibble
King of the Potato People
http://www.linkedin.com/in/RobertLanning
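
Added example, not part of the original message: the CRL check from the reply wrapped in a shell function that compares serials by value. The CRL listing prints serials as 0234BA while the certificate dump prints 0x23a69, so a plain grep can miss a match or hit a substring; the function names and the sample CRL text below are constructed for illustration.

```sh
#!/bin/sh
# Normalise a hex serial so 0x23a69, 23A69 and 023A69 all compare equal:
# drop colons/whitespace, upper-case, strip a 0x prefix and leading zeros.
norm_serial() {
    ns=$(printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F' |
         sed -e 's/^0[xX]//' -e 's/^0*//')
    case $ns in
        *[!0-9A-F]*) return 2 ;;   # not a hex serial
        '') ns=0 ;;
    esac
    printf '%s\n' "$ns"
}

# Read `openssl crl -text -noout` output on stdin. Exit 0 and print the
# revocation date if serial $1 is listed, exit 1 if not, 2 on a bad serial.
crl_has_serial() {
    want=$(norm_serial "$1") || return 2
    awk -v want="$want" '
        $1 == "Serial" && $2 == "Number:" {
            s = toupper($3); sub(/^0+/, "", s); if (s == "") s = "0"
            if (s == want) { found = 1; hit = 1; next }
        }
        hit && $1 == "Revocation" && $2 == "Date:" {
            sub(/^[ \t]*Revocation Date:[ \t]*/, ""); print; exit
        }
        { hit = 0 }
        END { exit(found ? 0 : 1) }'
}

# Constructed sample in the layout of the listing in the message above.
sample_crl() {
    cat <<'EOF'
Certificate Revocation List (CRL):
        Issuer: /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
Revoked Certificates:
    Serial Number: 0234BA
        Revocation Date: Oct 11 14:19:52 2003 GMT
    Serial Number: 0235F8
        Revocation Date: Aug  9 14:05:49 2006 GMT
EOF
}

# Offline demo; against the live CRL, pipe the curl | openssl command from
# the message into crl_has_serial 23A69 instead of sample_crl.
sample_crl | crl_has_serial 0x23a69 || echo "23A69: not listed in sample CRL"
```

An exit status of 1 only means the serial is absent from this CRL as of its Last Update; the check has to be repeated after each Next Update.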