Content preview: On Wed, Jun 07, 2017 at 02:55:06AM +0900, Marc Dequènes (Duck) wrote: > Quack, > > So the Digicert system does not warn you about all certs but only if you > were configured to be in some access list at creation or renewal time. I > was not in RH when www.ovirt.org cert was issued, so… > > Fortunately I was kindly warned by another guy having access to the > system. I requested a renewal yesterday but today it is not yet done. So
let's hope it is done when I wake up or during the day. [...]
Content analysis details: (-1.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-SA-Exim-Connect-IP: 2a02:1398:804::199 X-SA-Exim-Mail-From: ewoud+ovirt@kohlvanwijngaarden.nl X-SA-Exim-Scanned: No (on mail.xentower.nl); SAEximRunCond expanded to false X-BeenThere: infra@ovirt.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "List for ovirt.org infrastructure team" <infra.ovirt.org> List-Unsubscribe: <http://lists.ovirt.org/mailman/options/infra>, <mailto:infra-request@ovirt.org?subject=unsubscribe> List-Archive: <http://lists.ovirt.org/pipermail/infra/> List-Post: <mailto:infra@ovirt.org> List-Help: <mailto:infra-request@ovirt.org?subject=help> List-Subscribe: <http://lists.ovirt.org/mailman/listinfo/infra>, <mailto:infra-request@ovirt.org?subject=subscribe> X-List-Received-Date: Mon, 12 Jun 2017 10:03:52 -0000 On Wed, Jun 07, 2017 at 02:55:06AM +0900, Marc Dequènes (Duck) wrote:
Quack,
So the Digicert system does not warn you about all certs but only if you were configured to be in some access list at creation or renewal time. I was not in RH when www.ovirt.org cert was issued, so…
Fortunately I was kindly warned by another guy having access to the system. I requested a renewal yesterday but today it is not yet done. So let's hope it is done when I wake up or during the day.
The chain is incomplete causing some requests to fail, see https://www.ssllabs.com/ssltest/analyze.html?d=www.ovirt.org&latest You can replicate it by using curl on the command line. Browsers often have the chain cached and don't see the problem.