From: Simon Josefsson <simon@josefsson.org>
To: Ted Zlatanov <tzz@lifelogs.com>
Cc: ding@gnus.org
Subject: Re: SSL certificate issues for git.gnus.org
Date: Fri, 11 Mar 2011 06:57:41 +0100 [thread overview]
Message-ID: <87lj0mfbca.fsf@latte.josefsson.org> (raw)
In-Reply-To: <87sjuuiqj0.fsf@lifelogs.com> (Ted Zlatanov's message of "Thu, 10 Mar 2011 16:01:23 -0600")
Ted Zlatanov <tzz@lifelogs.com> writes:
> On Thu, 10 Mar 2011 22:50:11 +0100 Simon Josefsson <simon@josefsson.org> wrote:
>
> SJ> Steinar Bang <sb@dod.no> writes:
>>>>>>>> Simon Josefsson <simon@josefsson.org>:
>>>
>>>> I think anyone who is already a CACert member could help with this, by
>>>> claiming ownership of the domain and then requesting certificates. I
>>>> happen to be a member, so if I can help, let me know. Generating the
>>>> private key and certificate request is relatively easy too.
>>>
>>> I am also a member but I though I only could request certificate signing
>>> for sub-domains of the one I'm the member as...?
>
> SJ> You can become "owner" of any domain by entering the domain under
> SJ> cacert.org Domains->Add when you are logged in. The domain owner will
> SJ> get an e-mail to confirm the operation, but if he accepts then you can
> SJ> get server certificates for that domain through CACert.
>
> Oh, I see. I didn't know that.
>
> Could you do the request? You're probably the best person to do it.
I have made the request -- but Lars will need to approve it.
Lars, to generate the git.gnus.org certificate, please run something
like this and send me the CSR at the bottom (it is fine to post to the
list, it is not security sensitive) and I'll paste the request through
cacert and get a certificate back:
jas@latte:~$ certtool -p --outfile git.gnus.org-key.pem
Generating a 2048 bit RSA private key...
jas@latte:~$ certtool -q --load-privkey git.gnus.org-key.pem
Generating a PKCS #10 certificate request...
Country name (2 chars):
Organization name:
Organizational unit name:
Locality name:
State or province name:
Common name: git.gnus.org
UID:
Enter a dnsName of the subject of the certificate: git.gnus.org
Enter a dnsName of the subject of the certificate:
Enter the IP address of the subject of the certificate:
Enter the e-mail of the subject of the certificate:
Enter a challenge password:
Does the certificate belong to an authority? (y/N):
Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): y
Will the certificate be used for encryption (RSA ciphersuites)? (y/N): y
Is this a TLS web client certificate? (y/N):
Is this also a TLS web server certificate? (y/N): y
PKCS #10 Certificate Request Information:
Version: 1
Subject: CN=git.gnus.org
Subject Public Key Algorithm: RSA
Modulus (bits 2048):
c6:53:c1:43:9a:8e:5d:f5:89:10:27:00:7d:42:ff:6c
a3:4f:bb:0c:58:c4:6c:9a:73:be:1d:6a:b5:e7:09:1c
1f:de:53:20:de:30:2a:52:a5:96:3a:57:ce:32:02:e8
e8:1d:2c:91:fa:c4:ed:95:84:95:b3:f9:91:3a:df:02
d3:76:75:c6:09:2f:4e:16:f8:cb:ea:83:fb:58:e5:91
52:ea:ef:74:7d:a5:9e:61:38:44:0f:de:92:b7:4a:f4
ff:c5:93:6a:21:d2:cf:83:9c:cb:af:17:74:88:5f:87
9a:63:8a:b9:f0:2b:1d:94:c8:f7:e1:ea:53:33:5e:d5
c3:8f:83:c0:98:f1:9d:69:b6:8d:be:e9:27:ce:82:f6
52:90:ea:d9:21:46:fc:04:95:27:0c:f8:6d:aa:51:fe
11:3f:c3:f1:0a:ac:de:d5:bc:88:7f:73:bb:25:61:d2
44:07:21:96:b9:4d:4f:c3:1a:35:be:41:2e:d5:5e:f6
0e:a2:6f:56:40:a1:f5:e0:f5:85:1d:8b:24:db:c3:fe
92:94:ce:23:cf:06:cc:1b:a2:f3:d6:bf:85:10:03:d8
0d:ac:3d:d2:10:ba:bd:ea:4d:e8:42:5a:a7:49:e8:c3
8d:86:dd:a0:09:77:62:43:ce:95:82:3c:8f:f4:c6:f3
Exponent:
01:00:01
Attributes:
Extensions:
Subject Alternative Name (not critical):
DNSname: git.gnus.org
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Key Usage (critical):
Digital signature.
Key encipherment.
Key Purpose (critical):
TLS WWW Server.
Other Information:
Public Key Id:
4dff66171012fd06f4ebe4206d4041cd4d020183
-----BEGIN NEW CERTIFICATE REQUEST-----
MIICvTCCAaUCAQAwFzEVMBMGA1UEAxMMZ2l0LmdudXMub3JnMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlPBQ5qOXfWJECcAfUL/bKNPuwxYxGyac74d
arXnCRwf3lMg3jAqUqWWOlfOMgLo6B0skfrE7ZWElbP5kTrfAtN2dcYJL04W+Mvq
g/tY5ZFS6u90faWeYThED96St0r0/8WTaiHSz4Ocy68XdIhfh5pjirnwKx2UyPfh
6lMzXtXDj4PAmPGdabaNvuknzoL2UpDq2SFG/ASVJwz4bapR/hE/w/EKrN7VvIh/
c7slYdJEByGWuU1Pwxo1vkEu1V72DqJvVkCh9eD1hR2LJNvD/pKUziPPBswbovPW
v4UQA9gNrD3SELq96k3oQlqnSejDjYbdoAl3YkPOlYI8j/TG8wIDAQABoGEwXwYJ
KoZIhvcNAQkOMVIwUDAXBgNVHREEEDAOggxnaXQuZ251cy5vcmcwDAYDVR0TAQH/
BAIwADAPBgNVHQ8BAf8EBQMDB6AAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMA0G
CSqGSIb3DQEBCwUAA4IBAQBLijy0bHwYLkb7ZwOlHfX9yjRvOrTPfe7/g8N1uD8y
hPChDpCbmQtdsbDQW1r9Bz8AiixtkfrAvz0UYuc6jTsqkD+P6hGb8g+oayJt4O2B
FA5sgcp6ydmjRicdt3uucbtB0uPr0gpMdqTQjwo6RL4YzhyG1HiVPGPbLNVu7T+7
0otyN2QPC6eHtgLqPel8LnJyJ0qqCdBVM0dGLWWrxHJYSQB+pCdhPJH/8YK8T7+D
Zo4/leWGihU+Ga90hYnPDFALhCU30XGCZItHjW4p5miS/vW/KGGqdWH55zpIM6ZE
cEIZVmUx1doYrKI7GOZm/X5dtrZgxCxhtIIebkHfRgTp
-----END NEW CERTIFICATE REQUEST-----
jas@latte:~$
/Simon
next prev parent reply other threads:[~2011-03-11 5:57 UTC|newest]
Thread overview: 108+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-12 2:25 Gnus Git repository info and comitters: need updated password Ted Zlatanov
2010-04-12 8:31 ` David Engster
2010-04-12 10:20 ` Adam Sjøgren
2010-04-12 17:36 ` Andreas Schwab
2010-04-12 17:52 ` Ted Zlatanov
2010-04-12 18:57 ` Andreas Schwab
2010-04-14 10:38 ` Ted Zlatanov
2010-04-14 11:24 ` Andreas Schwab
2010-04-14 13:10 ` Ted Zlatanov
2010-04-14 16:59 ` Andreas Schwab
2010-04-15 3:07 ` Ted Zlatanov
2010-04-15 7:57 ` Andreas Schwab
2010-04-12 17:27 ` Andreas Schwab
2010-04-12 17:49 ` Ted Zlatanov
2010-04-12 18:29 ` Bjørn Mork
2010-04-12 19:01 ` Ted Zlatanov
2010-04-12 18:53 ` Andreas Schwab
2010-04-12 19:12 ` Andreas Schwab
2010-04-12 19:18 ` Ted Zlatanov
2010-04-12 19:29 ` Andreas Schwab
[not found] ` <87bpdpgsj9.fsf@gate450.dyndns.org>
2010-04-14 11:07 ` Ted Zlatanov
2010-04-14 11:34 ` Romain Francoise
2010-04-15 6:50 ` Katsumi Yamaoka
2010-04-15 13:46 ` Ted Zlatanov
2010-04-15 17:04 ` Andreas Schwab
2010-04-15 22:54 ` Andreas Seltenreich
2010-04-16 1:25 ` Ted Zlatanov
2010-04-16 21:49 ` Andreas Schwab
2010-04-17 21:00 ` Ted Zlatanov
2010-04-17 8:24 ` Andreas Seltenreich
2010-04-17 10:01 ` Andreas Schwab
2010-04-17 16:52 ` Andreas Seltenreich
2010-04-17 10:29 ` Andreas Schwab
2010-04-17 21:02 ` Ted Zlatanov
2010-04-17 21:28 ` Ted Zlatanov
2010-04-17 22:00 ` Ted Zlatanov
2010-04-17 23:26 ` Tim Landscheidt
2010-04-18 9:51 ` Andreas Seltenreich
2010-04-18 11:53 ` Ted Zlatanov
2010-04-18 12:10 ` Leo
2010-04-18 15:26 ` Ted Zlatanov
2010-04-18 21:04 ` Gnus, git, www.gnus.org (was: Gnus Git repository info and comitters: need updated password) Reiner Steib
2010-04-19 17:49 ` Gnus, git, www.gnus.org Reiner Steib
2010-04-19 18:10 ` Ted Zlatanov
2010-04-19 19:21 ` Andreas Schwab
2010-04-19 20:12 ` Ted Zlatanov
2010-04-19 23:28 ` Tim Landscheidt
2010-04-20 3:41 ` Ted Zlatanov
2010-04-22 17:31 ` Sivaram Neelakantan
2010-04-22 19:48 ` Andreas Schwab
2010-04-22 23:49 ` Ted Zlatanov
2010-04-23 0:35 ` Harry Putnam
2010-04-23 1:28 ` Russ Allbery
2010-04-23 10:00 ` Bjørn Mork
2010-04-23 13:01 ` Ted Zlatanov
2010-04-23 13:08 ` Greg Troxel
2010-04-23 13:20 ` Ted Zlatanov
2010-04-23 9:18 ` Sivaram Neelakantan
2010-04-23 12:54 ` Andreas Schwab
2010-04-23 16:41 ` Sivaram Neelakantan
2010-04-18 13:06 ` Gnus Git repository info and comitters: need updated password Andreas Seltenreich
2010-04-18 15:20 ` Ted Zlatanov
2010-04-18 15:32 ` Ted Zlatanov
2010-04-18 16:35 ` Andreas Seltenreich
2010-04-18 23:37 ` Ted Zlatanov
2010-04-19 1:01 ` Ted Zlatanov
2010-04-19 6:12 ` James Cloos
2010-04-20 3:11 ` Ted Zlatanov
2010-04-23 9:54 ` Tim Landscheidt
2010-04-23 13:16 ` SSL certificate issues for git.gnus.org (was: Gnus Git repository info and comitters: need updated password) Ted Zlatanov
2011-02-25 21:58 ` SSL certificate issues for git.gnus.org Ted Zlatanov
2011-02-25 22:39 ` Adam Sjøgren
2011-02-25 22:54 ` Ted Zlatanov
2011-02-25 22:59 ` Adam Sjøgren
2011-02-26 7:51 ` Julien Danjou
2011-02-26 13:14 ` Adam Sjøgren
2011-02-26 14:59 ` Steinar Bang
2011-02-28 19:33 ` Ted Zlatanov
2011-02-28 21:01 ` Steinar Bang
2011-03-01 10:38 ` Ted Zlatanov
2011-03-01 10:53 ` Steinar Bang
2011-03-05 12:04 ` Lars Magne Ingebrigtsen
2011-03-05 20:00 ` Steinar Bang
2011-03-07 17:26 ` Ted Zlatanov
2011-03-10 9:44 ` Simon Josefsson
2011-03-10 11:55 ` Steinar Bang
2011-03-10 21:50 ` Simon Josefsson
2011-03-10 22:01 ` Ted Zlatanov
2011-03-11 5:57 ` Simon Josefsson [this message]
2011-03-13 22:24 ` Lars Magne Ingebrigtsen
2011-03-14 8:59 ` Simon Josefsson
2011-03-14 9:30 ` Matthias Andree
2011-03-15 15:45 ` Lars Magne Ingebrigtsen
2011-03-15 16:03 ` Ted Zlatanov
2011-03-16 10:59 ` Ted Zlatanov
2011-03-16 11:31 ` Greg Troxel
2011-03-16 13:21 ` Ted Zlatanov
2011-03-17 11:07 ` Ted Zlatanov
2011-03-10 15:52 ` Ted Zlatanov
2011-03-10 19:43 ` James Cloos
2011-03-21 19:54 ` Adam Sjøgren
2011-03-21 22:41 ` Ted Zlatanov
2011-03-21 22:45 ` Adam Sjøgren
2011-02-26 9:24 ` Steinar Bang
2010-04-18 8:47 ` Gnus Git repository info and comitters: need updated password Andreas Schwab
2010-04-16 6:14 ` Katsumi Yamaoka
2010-04-16 9:47 ` Ted Zlatanov
2010-04-16 8:19 ` Didier Verna
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87lj0mfbca.fsf@latte.josefsson.org \
--to=simon@josefsson.org \
--cc=ding@gnus.org \
--cc=tzz@lifelogs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).