On 02/26/2014 11:43 PM, TJ wrote:
Earlier I accessed a secure Debian server [1] that presented an X509 certificate issued by an untrusted CA that turned out to be spi-inc. Visiting spi-inc.org [2] I hit another issue with an invalid certificate being presented causing Firefox to warn "The certificate is not valid for any server names" (as well as certificate not trusted). The certificate's Common Name is "members.spi-inc.org" and there are no Subject Alt Name hosts. How can we have trust in the CA when the CA itself cannot correctly manage its own certificates?
I would argue that you can't trust a CA, period. That said, yes, we should have proper certificates.
JD

--
Command Prompt, Inc. - http://www.commandprompt.com/ 509-416-6579
PostgreSQL Support, Training, Professional Services and Development
High Availability, Oracle Conversion, Postgres-XC, @cmdpromptinc
For my dreams of your image that blossoms
a rose in the deeps of my heart. - W.B. Yeats
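
The host-name check that a certificate like the one in the quoted message fails, as an added example that is not part of the original thread: Subject Alt Name dNSName entries are authoritative when present, and the Common Name is consulted only as an optional legacy fallback (RFC 2818 already deprecates relying on it). The dict layout is the one returned by Python's ssl getpeercert(); the sample certificate and all function names are constructed for illustration.

```python
# Constructed sample, not a capture: the fields as described in the post,
# in the dict layout returned by ssl.SSLSocket.getpeercert().
CERT_AS_DESCRIBED = {
    "subject": ((("commonName", "members.spi-inc.org"),),),
    # no "subjectAltName" key: the post says there are no SAN hosts
}


def _name_match(pattern, host):
    """Compare two DNS names label by label, case-insensitively.
    '*' is honoured only as the entire left-most label of a 3+ label name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def san_dns_names(cert):
    """dNSName entries from the subjectAltName extension, if any."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def common_names(cert):
    """Every commonName attribute found in the subject."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def check_host(cert, host, allow_cn_fallback):
    """Return (ok, reason) for whether `cert` is valid for `host`."""
    sans = san_dns_names(cert)
    if sans:
        ok = any(_name_match(n, host) for n in sans)
        return ok, "matched SAN" if ok else "no SAN entry matches"
    if not allow_cn_fallback:
        return False, "no SAN dNSName entries; CN ignored"
    ok = any(_name_match(n, host) for n in common_names(cert))
    return ok, "matched CN (legacy fallback)" if ok else "CN does not match"


if __name__ == "__main__":
    for host in ("spi-inc.org", "members.spi-inc.org"):
        for fallback in (True, False):
            print(host, "cn_fallback=%s" % fallback,
                  check_host(CERT_AS_DESCRIBED, host, fallback))
```

With CN fallback disabled the sample certificate is valid for no host at all, so the same check can serve as an audit rule for certificates issued without a Subject Alt Name.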