Certificate for forums.freebsd.org changed?

Can someone verify the fingerprint of the new certificate for forums.freebsd.org, please?
Certificate issued by Gandi Standard SSL CA 2
Code:
SHA-256 D9:2B:B8:10:0B:AD:C8:EF:6B:15:E7:43:2E:56:58:70:CD:42:3D:95:1B:68:56:FF:36:30:12:DE:44:7D:C8:BA
And it would be nice to be informed when such events take place.
Is there a link where one can verify it?
 
I don't understand the problem. Sites change and update certs all the time, especially now that Google, and others, are deprecating and obsoleting some algorithms.

Did you get a browser error?
 
Personally I got one this morning.

-- Edit --
And still have as shown by this image.

-- Edit 2 --
Can it come from the recent update of security/ca_root_nss ? (meaning I have the old one and may need the new one)
 

Attachments

  • certifproblem.png
    certifproblem.png
    40.5 KB · Views: 221
I didn't see a thing and that's probably because my browser (chrome on OS X) works correctly and doesn't make a fuss about changed but yet completely valid certificate.
 
When you get a warning from your browser regarding a certificate that nasty things might going on, do you always just click OK blindly?
What purpose do fingerprints have?
What's a fingerprint worth, when you cannot verify it?
There's no need to verify the certificate because it's been signed by a trusted CA and verification is done automatically. The only reason you get the warning is when your browser doesn't trust this CA and therefore cannot validate it.
 
Hi All,

What is going on with the Forums SSL certificate then?
  • On FreeBSD v10.1-p9 (using Midori), the signing certificate authority is not known (can't view),
  • On Android (4.4.2) I get NET::ERR_CERT_AUTHORITY_INVALID, and
  • On MS Windows (with recent updates now applied) I don't get an issue and the keychain looks valid!?
If you give the SSL cert a quick rollover in a SSL analyser, the issue seems to be that the Gandi Standard SSL CA 2 certification chain is not valid to a root CA:
https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org&hideResults=on

Seems looking at Gandi's website, they have a known issue where by intermediate sub-CA authority SHA2 certificates need to be installed on the webserver as well as the signing cert:
http://wiki.gandi.net/en/ssl/intermediate

Who should this be raised to get fixed?

Kr,

James
 
I didn't see a thing and that's probably because my browser (chrome on OS X) works correctly and doesn't make a fuss about changed but yet completely valid certificate.
Chrome's behaviour across platforms is apparently inconsistent. Below is what the latest Chrome (with default security settings) decides to do on Android.
 
Chrome's behaviour across platforms is apparently not consistent. Below is what the latest Chrome (with default security settings) decides to do on Android.

My guess it depends on the pre-loaded certificates that come with the OS, chrome on OS X uses what Apple has put in the system keychain.
 
Works fine for me too with Firefox on FreeBSD 10.1-RELEASE-p9. Thanks !
 
Sorry about that folks, I just verified it worked in one browser.. Will check with SSLLabs in the future to make sure things are 100%.
 
Back
Top