On Friday 06 Apr 2012 08:52:04 Florent Daigniere wrote: > Hi, > > We are in the process of deploying a new SSL certificate accross our > different websites, > here is its fingerprint: > > SN: 11:21:0A:32:B3:66:76:7C:CE:E6:03:83:CB:0B:79:96:0E:D8 > MD5 Fingerprint=E9:77:77:7E:92:32:5A:13:2F:C6:D1:20:21:C8:7D:B5 > SHA1 Fingerprint=D9:1C:04:A4:68:FC:1A:FC:94:89:3E:1A:43:BE:0B:62:45:1E:97:41 > > Certificate chain > 0 s:/C=US/OU=Domain Control Validated/CN=*.freenetproject.org > i:/O=AlphaSSL/CN=AlphaSSL CA - G2 > 1 s:/O=AlphaSSL/CN=AlphaSSL CA - G2 > i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA > 2 s:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA > i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA > > Florent
What still needs doing? As I see it: checksums: - Windows update.cmd script. - Unix update.sh script. - Freenet itself. - Unix installer. - Windows installer. Basically the issue here is that we include the certificate because the old certs were not universally recognised. The new ones are more widely known than the old ones I believe, but we might still be forcing it to only recognise a single cert in some places? Furthermore some of these might be tricky to update. So it might make sense e.g. to update the files from the fred update. Hopefully in at least some cases it will Just Work though... Other big issue here - how are we going to test this before deploying it? Anything else? https://bugs.freenetproject.org/view.php?id=5367 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20120406/5a075102/attachment.pgp>
