On 20/12/11 16:18, Michael Becker wrote:
> I'm running a Firefox plugin called certpatrol which alerts me to unusual
> SSL cert changes.
> 
> The existing cert signed by GeoTrust, Inc. wasn't set to expire until
> 2016-07-19 02:17:12.
> The new cert is signed by DigiCert Inc.
> 
> I just want to make sure this is an intentional change and not a fake cert.
> 
> I took a screenshot of the certpatrol warning @
> http://img204.imageshack.us/img204/8463/screenshot20111220at953.png

It's legitimate. The certificate was changed last week to a new one
which also supports *.m.wikipedia.org

Old certificate (rapidssl):
> SHA1: 75 B7 57 24 74 3F F9 3D 6D F4 7F 5C 5A 8C 65 5A 8F 28 1B C2
> MD5:  8B FE CE DA 58 76 48 71 EF 0C EE 1C BD D6 19 6F

New certificate (digicert):
> SHA1: 03 47 7F F5 F6 3B F5 B6 10 C0 7D 65 9A 7B A9 12 D3 20 83 68
> MD5:  C0 C8 F7 A0 33 20 A2 D4 2E 27 65 73 42 4C A0 24


Although I could be a moron who trojanised your connection and is
trying to fool you ;)


It _should_ be possible to confirm this by looking at the Server Admin
Log entries of 13 December:
> 00:15 LeslieCarr: depooling and restarting ssl1001 withnew cert
> 00:14 LeslieCarr: pushing out new digicert certificate for *.wikipedia.org

If only wikitech wasn't using an expired self-signed certificate...

