On Thursday 15 May 2008 14:20, Florent Daigni?re wrote:
> * Matthew Toseland <toad at amphibian.dyndns.org> [2008-05-15 14:03:54]:
>
> > On Thursday 15 May 2008 13:56, you wrote:
> > > Hi,
> > >
> > > Due to a recent debian-specific bug in openssl, I've regenerated
> > > the SSL certificates on emu; here are the new fingerprints:
> > >
> > > subject= /C=KR/ST=Daejeon/L=Daejeon/O=freenetproject.org/OU=StartCom
Free
> > Certificate
> >
Member/CN=emu.freenetproject.org/emailAddress=hostmaster at freenetproject.org
> > > SHA1
Fingerprint=F3:8F:A6:8C:73:95:05:03:96:7E:F6:3B:24:D8:B8:AE:AD:E0:66:11
> > >
> > > subject= /C=KR/ST=Daejeon/L=Daejeon/O=freenetproject.org/OU=StartCom
Free
> > Certificate
> >
Member/CN=bugs.freenetproject.org/emailAddress=hostmaster at freenetproject.org
> > > SHA1
Fingerprint=B5:C3:DE:5B:64:D1:DF:24:0C:FD:7D:C2:14:77:03:54:2A:B9:35:B1
> > >
> > > Apache, dovecot and postfix are using those from now on. I have
> > > also changed the key we are using to sign the installer... but
> > > as it doesn't work as I'd like it to it might change again
> > > soon... Anyway, I will keep you posted.
> >
> > Will this break incoming opportunistic SSL?
>
> No that won't; our previous certificate wasn't trusted by any CA.
>
> > Don't other mailers expect the cert to stay the same once they've seen it?
>
> No, if they were accepting non-trusted certificates, there is no point
> in rejecting a trusted one...
>
And if we change it again, they won't reject it as long as it's a trusted
cert. Okay.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20080515/3c5fcf6e/attachment.pgp>
