www-infrastructure-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim Whittington (JIRA)" <j...@apache.org>
Subject [jira] [Created] (INFRA-7805) TLS cert on people.apache.org:465 has reverted
Date Sun, 25 May 2014 22:01:02 GMT
Tim Whittington created INFRA-7805:
--------------------------------------

             Summary: TLS cert on people.apache.org:465 has reverted
                 Key: INFRA-7805
                 URL: https://issues.apache.org/jira/browse/INFRA-7805
             Project: Infrastructure
          Issue Type: Bug
            Reporter: Tim Whittington


Connecting to people.apache.org:465 shows the following cert:

{noformat}
SHA1 Fingerprint=DD:73:02:E6:4F:9E:FC:48:82:CC:61:68:F6:98:F0:AA:66:43:84:78
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:f7:a7:a6:0a:f6:66:54:e7:44:33:04:de:eb:4c:c7
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=Thawte, Inc., CN=Thawte SSL CA
        Validity
            Not Before: Feb  7 00:00:00 2014 GMT
            Not After : Apr  7 23:59:59 2016 GMT
        Subject: C=US, ST=Maryland, L=Forest Hill, O=Apache Software Foundation, OU=Infrastructure,
CN=*.apache.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:cb:66:4c:31:b9:cc:5e:2c:24:80:c2:06:bc:63:
                    74:79:3e:ec:2b:ad:28:0f:02:48:1d:e8:75:8b:e8:
                    f6:a2:d0:48:e7:b2:1f:b2:6d:4f:44:ba:d4:90:9c:
                    08:b8:06:56:e7:cf:a8:71:ab:12:74:e5:57:ff:ab:
                    ba:14:79:c9:02:7e:20:57:4e:de:77:79:f5:68:7f:
                    53:97:86:19:fc:3f:12:cc:03:da:1a:0c:fc:22:66:
                    48:41:c9:71:cb:92:0e:1a:73:ac:74:70:ca:1a:45:
                    50:12:e9:0f:fa:05:11:28:ac:f4:c0:04:42:56:82:
                    59:56:bd:66:e9:aa:78:1d:bf:49:61:33:6e:bd:9b:
                    d3:c7:7e:48:33:8c:d2:39:9b:28:ba:ee:53:11:5f:
                    57:52:96:3d:d1:86:21:3f:df:34:42:07:b9:e7:8c:
                    ee:85:00:d0:1d:e6:c0:8c:64:ec:a5:ab:42:6e:66:
                    cf:e1:e6:88:cd:54:a7:18:29:02:80:23:60:ee:81:
                    ed:b7:f9:08:84:37:19:f5:40:0f:c9:be:1d:0a:8f:
                    b7:49:64:e7:2c:08:0b:d8:2f:36:92:fb:d0:ae:9f:
                    65:e7:e0:88:cd:ec:45:ee:44:a3:8d:88:5f:b4:16:
                    34:d0:d3:6f:ad:0b:a1:c2:4b:13:d1:36:9f:92:ad:
                    76:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:*.apache.org
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.54
                  CPS: https://www.thawte.com/cps/

            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Authority Key Identifier: 
                keyid:A7:A2:83:BB:34:45:40:3D:FC:D5:30:4F:12:B9:3E:A1:01:9F:F6:DB

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://svr-ov-crl.thawte.com/ThawteOV.crl

            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            Authority Information Access: 
                OCSP - URI:http://ocsp.thawte.com
                CA Issuers - URI:http://svr-ov-aia.thawte.com/ThawteOV.cer

    Signature Algorithm: sha1WithRSAEncryption
         17:b5:5c:87:5e:eb:22:33:64:f2:4e:f3:a8:e5:06:b3:a3:ca:
         34:3a:f9:0a:df:af:ea:6e:18:2e:29:12:3c:45:dd:23:49:cd:
         bd:c7:7f:19:8e:f9:51:d5:5f:fc:25:c0:a2:26:3b:4c:dd:22:
         12:e0:04:9f:34:7a:fa:7d:c0:16:b7:63:ea:e4:bf:5e:be:3b:
         76:0f:88:85:2a:e4:45:4d:95:72:69:54:40:6b:94:5a:f4:d2:
         3f:37:90:89:61:b6:0d:ab:84:0a:0e:99:d2:1c:c3:8b:00:8d:
         b8:af:e3:90:24:5d:1c:ef:38:31:8f:ce:20:6b:a4:cf:91:fd:
         22:e0:ba:27:2b:f1:91:63:b9:4f:93:cf:af:0b:0b:95:50:fd:
         c7:a2:e8:04:55:63:ee:c4:cb:d2:74:2c:c1:0d:62:82:55:27:
         52:cb:d2:33:78:e8:da:9b:65:63:c0:cc:75:26:66:d8:ad:23:
         62:f7:7e:69:07:25:ca:cd:76:b3:34:f2:c2:85:23:f3:fb:45:
         8e:18:10:17:0d:dc:32:89:74:a9:41:af:bf:09:02:6e:48:30:
         77:d7:d4:52:09:31:a3:9f:e3:3b:59:ac:4e:bf:05:99:42:9a:
         b0:b8:19:a2:35:b2:92:04:09:dc:36:ef:a7:b3:a6:d8:b5:14:
         5a:56:7e:99
-----BEGIN CERTIFICATE-----
MIIEtzCCA5+gAwIBAgIQVPenpgr2ZlTnRDME3utMxzANBgkqhkiG9w0BAQUFADA8
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMRYwFAYDVQQDEw1U
aGF3dGUgU1NMIENBMB4XDTE0MDIwNzAwMDAwMFoXDTE2MDQwNzIzNTk1OVowgYsx
CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxQLRm9yZXN0
IEhpbGwxIzAhBgNVBAoUGkFwYWNoZSBTb2Z0d2FyZSBGb3VuZGF0aW9uMRcwFQYD
VQQLFA5JbmZyYXN0cnVjdHVyZTEVMBMGA1UEAxQMKi5hcGFjaGUub3JnMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2ZMMbnMXiwkgMIGvGN0eT7sK60o
DwJIHeh1i+j2otBI57Ifsm1PRLrUkJwIuAZW58+ocasSdOVX/6u6FHnJAn4gV07e
d3n1aH9Tl4YZ/D8SzAPaGgz8ImZIQclxy5IOGnOsdHDKGkVQEukP+gURKKz0wARC
VoJZVr1m6ap4Hb9JYTNuvZvTx35IM4zSOZsouu5TEV9XUpY90YYhP980Qge554zu
hQDQHebAjGTspatCbmbP4eaIzVSnGCkCgCNg7oHtt/kIhDcZ9UAPyb4dCo+3SWTn
LAgL2C82kvvQrp9l5+CIzexF7kSjjYhftBY00NNvrQuhwksT0Tafkq12VQIDAQAB
o4IBYzCCAV8wFwYDVR0RBBAwDoIMKi5hcGFjaGUub3JnMAkGA1UdEwQCMAAwQgYD
VR0gBDswOTA3BgpghkgBhvhFAQc2MCkwJwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3
LnRoYXd0ZS5jb20vY3BzLzAOBgNVHQ8BAf8EBAMCBaAwHwYDVR0jBBgwFoAUp6KD
uzRFQD381TBPErk+oQGf9tswOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL3N2ci1v
di1jcmwudGhhd3RlLmNvbS9UaGF3dGVPVi5jcmwwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMGkGCCsGAQUFBwEBBF0wWzAiBggrBgEFBQcwAYYWaHR0cDov
L29jc3AudGhhd3RlLmNvbTA1BggrBgEFBQcwAoYpaHR0cDovL3N2ci1vdi1haWEu
dGhhd3RlLmNvbS9UaGF3dGVPVi5jZXIwDQYJKoZIhvcNAQEFBQADggEBABe1XIde
6yIzZPJO86jlBrOjyjQ6+Qrfr+puGC4pEjxF3SNJzb3HfxmO+VHVX/wlwKImO0zd
IhLgBJ80evp9wBa3Y+rkv16+O3YPiIUq5EVNlXJpVEBrlFr00j83kIlhtg2rhAoO
mdIcw4sAjbiv45AkXRzvODGPziBrpM+R/SLguicr8ZFjuU+Tz68LC5VQ/cei6ARV
Y+7Ey9J0LMENYoJVJ1LL0jN46NqbZWPAzHUmZtitI2L3fmkHJcrNdrM08sKFI/P7
RY4YEBcN3DKJdKlBr78JAm5IMHfX1FIJMaOf4ztZrE6/BZlCmrC4GaI1spIECdw2
76ezpti1FFpWfpk=
-----END CERTIFICATE-----

{noformat}

This cert appears to be an old one, and doesn't verify anymore (the issuer appears broken).
It also doesn't match the expected cert from http://www.apache.org/dev/machines.html#ssl-keys



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message