:: Re: [DNG] SSL certificate on devuan…
Startseite
Nachricht löschen
Nachricht beantworten
Autor: Klaus Ethgen
Datum:  
To: dng
Betreff: Re: [DNG] SSL certificate on devuan.org invalid
Hi folks,

Am Di den 31. Jan 2017 um 19:35 schrieb Klaus Ethgen:
> the SSL certificate for website devuan.org is invalid again and does not
> match the one in TLSA record.


That problem gets serious now. I even cannot access www.devuan.org
anymore.

On all pages I get certificate mismatch. There seems to be one that is
impersonalizing devuan.org with a faked Let's Encrypt certificate.

The Fingerprint I get currently from the website is:
CF:C6:BE:F8:22:E5:30:16:3A:50:3B:1A:B8:99:FC:9D:83:B3:E5:38

And tlsa verification gives:
~> tlsa --verify www.devuan.org
FAIL (Usage 3 [DANE-EE]): Certificate offered by the server does not match the TLSA record (46.105.191.76)
FAIL (Usage 3 [DANE-EE]): Certificate offered by the server does not match the TLSA record (2001:41d0:8:2c55::a1)

As the impersonating uses a Let's encrypt certificate I think it is a
more sever problem than just that my side would be tampered.

Regards
   Klaus
- -- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus@???>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C