Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#15831 closed defect (fixed)

SSL certificate expired

Reported by: fedor.brunner
Owned by: kstange
Milestone:
Component: webpage
Version:
Keywords:
Cc: datallah

Description

The SSL certificate for developer.pidgin.im has expired.

The current certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:71:72:11:43:d7:ab:61:b7:99:b3:fd:9a:57:50:6f
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=PositiveSSL CA
        Validity
            Not Before: Dec  8 00:00:00 2008 GMT
            Not After : Dec  8 23:59:59 2013 GMT
        Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=developer.pidgin.im
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)

Your certificate is using only a 1024-bit RSA key; please make it longer. 1024-bit keys will not be supported in the future: https://wiki.mozilla.org/CA:MD5and1024

The use of SHA-1 is not recommended for the generation of digital signatures in new systems; new systems should use one of the larger hash functions.

An example of how to generate a certificate request with SHA2-256 and a 3072-bit RSA key:

    openssl req -newkey rsa:3072 -days 730 -sha256
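The three problems raised in the description (expiry, SHA-1 signature, 1024-bit RSA key) can be checked mechanically from an `openssl x509 -text` dump. The following is an added example, not part of the original ticket or of Pidgin's tooling; the function names, the 2048-bit minimum and the check dates are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Assumed policy thresholds for this example (not stated as policy in the ticket).
MIN_RSA_BITS = 2048
WEAK_DIGESTS = ("md5", "sha1")  # matches RSA-style names such as sha1WithRSAEncryption

# Trimmed copy of the certificate dump quoted in the ticket description.
TICKET_DUMP = """\
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Dec  8 00:00:00 2008 GMT
            Not After : Dec  8 23:59:59 2013 GMT
        Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=developer.pidgin.im
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""

def _field(pattern, text):
    """Return the first captured group for pattern, or None if absent."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None

def audit_cert_text(text, now):
    """Return findings for one text-form certificate; `now` is naive UTC."""
    findings = []
    not_after = _field(r"^\s*Not After\s*:\s*(.+)$", text)
    if not_after:
        # OpenSSL pads single-digit days with an extra space; collapse it.
        expiry = datetime.strptime(" ".join(not_after.split()),
                                   "%b %d %H:%M:%S %Y GMT")
        if now > expiry:
            findings.append(f"expired {expiry:%Y-%m-%d}")
    sig = _field(r"^\s*Signature Algorithm:\s*(\S+)", text)
    if sig and sig.lower().startswith(WEAK_DIGESTS):
        findings.append(f"weak signature digest: {sig}")
    key_alg = _field(r"^\s*Public Key Algorithm:\s*(\S+)", text)
    bits = _field(r"Public-Key:\s*\((\d+) bit\)", text)
    if key_alg == "rsaEncryption" and bits and int(bits) < MIN_RSA_BITS:
        findings.append(f"RSA key too short: {bits} bits")
    return findings

if __name__ == "__main__":
    # Constructed check date shortly after the Not After value above.
    for finding in audit_cert_text(TICKET_DUMP, datetime(2014, 1, 1)):
        print(finding)
```
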

Change History (4)

comment:1 Changed 6 years ago by Robby

  • Resolution set to fixed
  • Status changed from new to closed

Should be good now, thanks to datallah. As far as I can tell, it's a 2048-bit key.

comment:2 follow-up: Changed 6 years ago by fedor.brunner

The new certificate has issues with OCSP certificate checking. See the "OCSP ERROR":

https://www.ssllabs.com/ssltest/analyze.html?d=developer.pidgin.im

The page developer.pidgin.im can't be opened in browsers when OCSP validation is enabled.

comment:3 Changed 6 years ago by Robby

  • Cc datallah added

comment:4 in reply to: ↑ 2 Changed 6 years ago by datallah

Replying to fedor.brunner:

> The new certificate has issues with OCSP certificate checking. See the "OCSP ERROR":
>
> https://www.ssllabs.com/ssltest/analyze.html?d=developer.pidgin.im
>
> The page developer.pidgin.im can't be opened in browsers when OCSP validation is enabled.

This is out of our control and will be resolved when the OCSP responders' cache catches up.
