Hey! So, following http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html , we are getting a new cert... I've seized that opportunity to rekey too; Nothing fancy as the CA doesn't like ECC keys... but a new key nevertheless.
I've deployed it onto https://freenetproject.org:4433 for testing and updated the DANE/PKP records to allow for a smooth migration Before the switch-over can happen, we need a new release to deploy the new intermediary CA (src/freenet/clients/http/staticfiles/startssl.pem needs updating, so does the installer) as we were pinning that rather than the root For the records, the new fingerprint is: SHA256 Fingerprint=9E:DB:C4:E7:49:14:24:93:53:F4:79:ED:DD:AB:13:8C:21:74:B3:14:32:94:96:7D:A5:B8:44:47:E6:DB:C1:2C SHA1 Fingerprint=6F:95:89:4F:B7:5B:B8:49:BB:E8:1C:59:F1:9E:1E:01:2C:76:5F:86 NextGen$ PS: you can check the signature of this email on https://keybase.io/nextgens
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
