On Tue, Oct 10, 2006 at 09:57:33PM +0200, Florent Rougon wrote: > > For those that don't know those files: > > http://www.spi-inc.org/secretary/spi-ca.crt > > http://www.spi-inc.org/secretary/spi-ca-fingerprint.txt
So Joerg just replaced them with the new ones: http://www.spi-inc.org/secretary/spi-ca.crt http://www.spi-inc.org/secretary/spi-ca.crt.fingerprint.txt (The name on http://www.spi-inc.org/secretary is confusing, but points to the right file.) And the old ones are now at: http://www.spi-inc.org/secretary/spi-ca-old.crt http://www.spi-inc.org/secretary/spi-ca-old-fingerprint.txt They're both part of the ca-certificates package in testing and unstable: new: /etc/ssl/certs/SPI_CA_2006-cacert.pem old: /etc/ssl/certs/spi-ca.pem > I didn't know these URLs, and I wouldn't bet they are well-known among > DDs... Anyway, I can verify the GPG sig of spi-ca-fingerprint.txt, but > then I don't know what the MD5 and SHA1 sums in it correspond to. > > The file contains: > > MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5 > > but unfortunately: > > % md5sum /etc/ssl/certs/spi-ca.pem > 33922a1660820e44812e7ddc392878cb /etc/ssl/certs/spi-ca.pem As pointed out by others, you can get to it using openssl. But you can also try and import the key in your browser, and they say examine/view certificate, at which point it should show you the MD5 sum and SHA1 sum too. The fingerprint of an ssh key is also something you don't check by running md5sum on a id_rsa.pub file, you use ssh-keygen -l for it. But it's alot handier that the whole public key is also available on the website. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]