Idézem/Quoting Werner Flamme <[email protected]>:
Am 04.12.2020 um 16:52 schrieb [email protected]:I configured monit to monitor the TLS certificate validity of all of our highly productive websites. To all websites, the unnecessary full certificate (without root CA) was installed. However, on 30th of May 2020 one of the chain certificates (COMODO) ran out of its validity period. Obviously monit only checks for the server certificate, that's why the check did not notice this, and such a check is completely pointless. It led to a massive damage to my company, and since I was to deal with monitoring as well as TLS certificates, I had to move on to find a new job.I do not understand why a server certificate is valid longer than any of the intermediate certificates. Has the COMODO intermediate certificate been revoked or did it reach its valid date?
Hello Werner! It was a transition to anther signing root. PKI is a changing landscape. Google for COMODO 2020 cross-signing. SZÉPE Viktor, webes alkalmazás üzemeltetés / Running your application https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md ~~~ ügyelet 🌶️ hotline: +36-20-4242498 [email protected] skype: szepe.viktor Budapest, III. kerület
smime.p7s
Description: S/MIME Signature
