Your message dated Thu, 02 Sep 2010 23:17:19 +0200
with message-id <[email protected]>
and subject line (kein Betreff)
has caused the Debian Bug report #351745,
regarding ca-certificates: Certificate filename does not match certificate
contents
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
351745: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351745
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ca-certificates
Version: 20050804
Severity: minor
The certificate that is stored in one of the files does not match the
name of the file. This is confusing (best case) or a security problem
(worst case, unlikely).
The file in question is /etc/ssl/certs/RSA_Root_Certificate_1.pem
The name of the file suggests that it belongs to RSA Security Inc, but
the contents of the file (reported by certtool, part of gnutls-bin) says
that it belongs to ValiCert.
$ certtool -i < /etc/ssl/certs/RSA_Root_Certificate_1.pem
X.509 certificate info:
Version: 1
Serial Number (hex): 01
Subject: L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert
Class 3 Policy Validation
Authority,CN=http://www.valicert.com/,[email protected]
Issuer: L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert
Class 3 Policy Validation
Authority,CN=http://www.valicert.com/,[email protected]
Signature Algorithm: RSA-SHA
Validity:
Not Before: Sat Jun 26 01:22:33 1999
Not After: Wed Jun 26 01:22:33 2019
Subject Public Key Info:
Public Key Algorithm: RSA (1024 bits)
modulus:
00:e3:98:51:96:1c:e8:d5:b1:06:81:6a:57:c3:72:
75:93:ab:cf:9e:a6:fc:f3:16:52:d6:2d:4d:9f:35:
44:a8:2e:04:4d:07:49:8a:38:29:f5:77:37:e7:b7:
ab:5d:df:36:71:14:99:8f:dc:c2:92:f1:e7:60:92:
97:ec:d8:48:dc:bf:c1:02:20:c6:24:a4:28:4c:30:
5a:76:6d:b1:5c:f3:dd:de:9e:10:71:a1:88:c7:5b:
9b:41:6d:ca:b0:b8:8e:15:ee:ad:33:2b:cf:47:04:
5c:75:71:0a:98:24:98:29:a7:49:59:a5:dd:f8:b7:
43:62:61:f3:d3:e2:d0:55:3f:
public exponent:
01:00:01:
Other information:
MD5 Fingerprint: A2:6F:53:B7:EE:40:DB:4A:68:E7:FA:18:D9:10:4B:72
SHA1 Fingerprint:
69:BD:8C:F4:9C:D3:00:FB:59:2E:17:93:CA:55:6A:F3:EC:AA:35:FB
Public Key ID:
77:77:EE:58:B4:02:E3:68:CE:E2:9D:59:02:F9:84:3F:35:82:9A:4A
Another file called /etc/ssl/certs/RSA_Security_1024_v3.pem shows what a
certificate belonging to RSA Security Inc should look like.
certtool -i < /etc/ssl/certs/RSA_Security_1024_v3.pem
X.509 certificate info:
Version: 3
Serial Number (hex): 0A:01:01:01:00:00:02:7C:00:00:00:0B:00:00:00:02
Subject: O=RSA Security Inc,OU=RSA Security 1024 V3
Issuer: O=RSA Security Inc,OU=RSA Security 1024 V3
Signature Algorithm: RSA-SHA
Validity:
Not Before: Thu Feb 22 21:01:49 2001
Not After: Sun Feb 22 20:01:49 2026
Subject Public Key Info:
Public Key Algorithm: RSA (1024 bits)
modulus:
00:d5:dd:fe:66:09:cf:24:3c:3e:ae:81:4e:4e:8a:
c4:69:80:5b:59:3b:df:b9:4d:4c:ca:b5:2d:c3:27:
2d:3c:af:00:42:6d:bc:28:a6:96:cf:7f:d7:58:ac:
83:0a:a3:55:b5:7b:17:90:15:84:4c:8a:ee:26:99:
dc:58:ef:c7:38:a6:aa:af:d0:8e:42:c8:62:d7:ab:
ac:a9:fb:4a:7d:bf:ea:fe:12:4d:dd:ff:26:2d:6f:
36:54:68:c8:d2:84:56:ee:92:53:61:09:b3:3f:39:
9b:a8:c9:9b:bd:ce:9f:7e:d4:19:6a:16:29:18:be:
d7:3a:69:dc:25:5b:33:1a:51:
public exponent:
01:00:01:
X.509 Extensions:
Basic Constraints: (critical)
CA:TRUE
Key usage: (critical)
Certificate signing.
CRL signing.
Subject Key ID:
C4:C0:1C:A4:07:94:FD:CD:4D:01:D4:54:DA:A5:0C:5F:DE:AE:05:5A
Authority Key ID:
C4:C0:1C:A4:07:94:FD:CD:4D:01:D4:54:DA:A5:0C:5F:DE:AE:05:5A
Other information:
MD5 Fingerprint: 3A:E5:50:B0:39:BE:C7:46:36:33:A1:FE:82:3E:8D:94
SHA1 Fingerprint:
3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76
Public Key ID:
09:44:55:2B:5B:B6:4A:DF:AD:BB:85:63:1C:3F:A1:10:96:57:7D:FF
--- End Message ---
--- Begin Message ---
According to mozillas bugtracker
https://bugzilla.mozilla.org/show_bug.cgi?id=592984
This root, "OU = ValiCert Class 3 Policy Validation Authority" is
owned by RSA.
It is a legacy, 1024-bit root.
Email that I have from RSA says: "The Valicert Class 3 root is the
signatory of
the intermediate RSA Public Root V1 which we use to sign our end
customers.
According to email I have from RSA, RSA is in the process of
retiring this
root. They have not done new signings with this root in over a year.
I'm closing this bugreport hereby.
Cheers.
--
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------
--- End Message ---
