Any objection to getting a new StartCom cert using the thorough CSR that Evan Kinney put together? I only ask because server admin is not what I do, and I want to make sure there's not a good reason not to take care of it.
-Evan On Wednesday, July 4, 2012 at 12:25 PM, Augie Fackler wrote: > > On Jul 4, 2012, at 12:01 PM, Evan D. Schoenberg, M.D. wrote: > > > Absolutely. We're part of Instant Messaging Freedom, Inc., which is a > > registered 501(c)(3) not-for-profit. We could certainly get a cert under > > that banner. I don't know if Pidgin's cert is via them or not; is there an > > easy way to check, or should we just email the pidgin list and ask? > > www.pidgin.im (http://www.pidgin.im) isn't listening on 443. > developer.pidgin.im (http://developer.pidgin.im) is though, and I've included > what I learned by inspecting their cert. It doesn't list anything helpful. > > augie% echo | openssl s_client -showcerts -connect developer.pidgin.im:443 > (http://developer.pidgin.im:443) | awk '/-----BEGIN > CERTIFICATE-----/,/-----END CERTIFICATE-----/' | openssl x509 -noout -text > > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > 10:71:72:11:43:d7:ab:61:b7:99:b3:fd:9a:57:50:6f > Signature Algorithm: sha1WithRSAEncryption > Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, > CN=PositiveSSL CA > Validity > Not Before: Dec 8 00:00:00 2008 GMT > Not After : Dec 8 23:59:59 2013 GMT > Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=developer.pidgin.im > (http://developer.pidgin.im) > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (1024 bit) > Modulus (1024 bit): > 00:c2:09:ae:bf:de:95:0e:a7:e4:9e:88:61:91:29: > 58:93:19:8d:6c:9c:2a:e9:dc:ba:47:f7:8a:3e:ee: > 39:de:82:ec:ea:c7:a6:e5:79:fc:c7:fd:e3:64:1c: > 73:85:2f:a4:d0:28:08:2a:7e:82:df:1b:03:0c:8e: > de:da:66:74:19:49:9d:66:fc:af:bc:a9:45:11:84: > bc:89:68:bb:d9:5d:41:7c:45:fd:d1:87:6a:68:b6: > 2d:4e:0b:08:fa:9e:6f:10:21:6d:d3:8f:d4:15:ec: > dd:71:14:8d:8c:84:2a:c8:1f:57:0c:ee:29:05:38: > ce:ce:68:aa:b7:de:93:01:b5 > Exponent: 65537 (0x10001) > X509v3 extensions: > X509v3 Authority Key Identifier: > keyid:B8:CA:11:E9:06:31:79:DB:C3:94:C6:E8:19:2A:BC:BB:35:16:31:A4 > > X509v3 Subject Key Identifier: > 01:71:E5:7F:3E:8E:97:ED:E3:6F:7F:7C:4D:5D:25:1C:24:09:51:CC > X509v3 Key Usage: critical > Digital Signature, Key Encipherment > X509v3 Basic Constraints: critical > CA:FALSE > X509v3 Extended Key Usage: > TLS Web Server Authentication, TLS Web Client Authentication > Netscape Cert Type: > SSL Client, SSL Server > X509v3 Certificate Policies: > Policy: 1.3.6.1.4.1.6449.1.2.2.7 > CPS: http://www.positivessl.com/CPS > > X509v3 CRL Distribution Points: > URI:http://crl.comodoca.com/PositiveSSLCA.crl > URI:http://crl.comodo.net/PositiveSSLCA.crl > > Authority Information Access: > CA Issuers - URI:http://crt.comodoca.com/PositiveSSLCA.crt > OCSP - URI:http://ocsp.comodoca.com > > X509v3 Subject Alternative Name: > DNS:developer.pidgin.im, DNS:www.developer.pidgin.im > (http://www.developer.pidgin.im) > Signature Algorithm: sha1WithRSAEncryption > a3:39:27:e5:ba:5f:9f:a3:d7:21:f3:a1:61:3f:3b:5d:5a:a6: > 3c:b0:cc:ad:8b:f6:d6:cf:76:64:76:06:c7:33:3c:9a:d6:a2: > 02:cb:01:c1:35:c7:40:bc:23:2a:01:9a:a5:a1:23:06:0c:81: > 1b:52:8d:2b:e8:7c:62:af:ae:89:52:01:1d:62:5c:8e:f3:21: > e3:01:4d:77:d2:6b:75:93:cb:62:bd:21:d0:71:f9:5b:cd:b3: > e6:d7:0c:2f:1d:7e:fc:94:f1:09:c8:a4:50:20:4a:1f:79:a3: > ae:68:79:18:7b:86:e3:20:be:75:2d:db:07:8a:94:f3:c3:16: > 9b:b8:5e:8e:b5:a9:19:5a:b8:10:45:40:c3:01:e6:e4:c0:7f: > 25:63:cd:a5:54:8c:57:62:b5:c9:5f:7c:33:fa:55:c4:b3:dc: > f2:20:45:03:9f:d3:d1:74:01:0e:54:81:f4:69:56:96:a3:e8: > 22:de:28:cf:c1:d9:ef:c8:cd:14:41:27:e0:dc:08:a0:32:52: > 0c:51:06:f1:eb:ff:78:d7:55:c7:17:eb:a4:37:bd:d9:e8:24: > 6c:99:ae:ee:56:1b:50:cb:ad:f4:44:46:43:8e:32:cb:37:1f: > d3:dc:4c:00:be:13:84:72:b6:cb:66:ca:60:4a:d6:ea:41:74: > 94:89:7d:30 > >
