8:55 p.m.
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--lIBBQOd5xJlfx4grVHn7GK3iqTHQD3nfF
Content-Type: multipart/mixed; boundary="jIWnohbHnrLDBm9w209XrI73urH0UDQwx";
protected-headers="v1"
From: =?UTF-8?B?TWFyYyBEZXF1w6huZXMgKER1Y2sp?= <duck(a)redhat.com>
To: oVirt Infra <infra(a)ovirt.org>
Message-ID: <cc4752b6-816a-be6b-7ecf-4bfebd35c301(a)redhat.com>
Subject: About www.ovirt.org TLS cert
--jIWnohbHnrLDBm9w209XrI73urH0UDQwx
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Quack,
So the Digicert system does not warn you about all certs but only if you
were configured to be in some access list at creation or renewal time. I
was not in RH when www.ovirt.org cert was issued, so=E2=80=A6
Fortunately I was kindly warned by another guy having access to the
system. I requested a renewal yesterday but today it is not yet done. So
let's hope it is done when I wake up or during the day.
Just to keep you informed.
\_o<
--jIWnohbHnrLDBm9w209XrI73urH0UDQwx--
--lIBBQOd5xJlfx4grVHn7GK3iqTHQD3nfF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEcpcqg+UmRT3yiF+BVen596wcRD8FAlk27HoACgkQVen596wc
RD+SpA//QiFxb61/wvRNhhP8xya1JMVDTORSPe3JiPIXvv1VT0jCHwsc6+bbExnW
Tq8cjDFvKYXch00KKFEt6IrsfPyIUvwhzzr7OHu/EPutzUg7JmOGNBFXMZIDD5rD
3sW9v/jsPqKhjIjamwu7PcEEz0C+Lc3q7TLyszPfDHVxIZ8ufZgjEK52QSUOVbT3
XCbltnlVieHzHyI772bUDwaCUFpLNTy/XiRM76GX8xiYPYD78KD8FZNkiDx3RYpx
hSpKAcGfeegas/LXg+40Ml38Pd6a/GGEfwQL2+wNAKnId3Q8AcftCtcgz4Kb1aZt
toXLHQg0IFGLd7SBgterZ9oWjqH46anntzrnc9SYg21dgDwosALcG9RQxuSkwd0d
G8qvydsmEYZ3TyseFjVjE0JsR1ZIyYlLvqRB2ZebpD2JZjiOhMtHfKH9UvFDw4P+
ktZ2iDIOPl/oEBCP7/45p0NjKZrLZdYRpHm3dhJ4UqRtGadvQmYn83bH95FDBtqc
K/Wlvh5+OovJbpBwq+2ezJzZ1TYCkktqYq9WYpirkxBI/4+OdccDk/b25/mjIQyU
vjFB6PO60Nc3H2T8ST4EFv7i4j46h3Uot3l8sa/i3CVxHaK3gQJQ+4WReoJVBj3R
NjB1AkkYhn7PRmtjQ2Wp9A6cwILhWGZYVm2ueyZlXss9pD6L9No=
=q4vV
-----END PGP SIGNATURE-----
--lIBBQOd5xJlfx4grVHn7GK3iqTHQD3nfF--
1:03 p.m.
Content preview: On Wed, Jun 07, 2017 at 02:55:06AM +0900, Marc Dequènes (Duck)
wrote: > Quack, > > So the Digicert system does not warn you about all certs
but only if you > were configured to be in some access list at creation or
renewal time. I > was not in RH when www.ovirt.org cert was issued, so…
> Fortunately I was kindly warned by another guy having access to
the >
system. I requested a renewal yesterday but today it is not yet done.
So
let's hope it is done when I wake up or during the day. [...]
Content analysis details: (-1.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
X-SA-Exim-Connect-IP: 2a02:1398:804::199
X-SA-Exim-Mail-From: ewoud+ovirt(a)kohlvanwijngaarden.nl
X-SA-Exim-Scanned: No (on mail.xentower.nl); SAEximRunCond expanded to false
X-BeenThere: infra(a)ovirt.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "List for ovirt.org infrastructure team" <infra.ovirt.org>
List-Unsubscribe: <http://lists.ovirt.org/mailman/options/infra>;,
<mailto:infra-request@ovirt.org?subject=unsubscribe>
List-Archive: <http://lists.ovirt.org/pipermail/infra/>
List-Post: <mailto:infra@ovirt.org>
List-Help: <mailto:infra-request@ovirt.org?subject=help>
List-Subscribe: <http://lists.ovirt.org/mailman/listinfo/infra>;,
<mailto:infra-request@ovirt.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2017 10:03:52 -0000
On Wed, Jun 07, 2017 at 02:55:06AM +0900, Marc Dequènes (Duck) wrote:
Quack,
So the Digicert system does not warn you about all certs but only if you
were configured to be in some access list at creation or renewal time. I
was not in RH when www.ovirt.org cert was issued, so…
Fortunately I was kindly warned by another guy having access to the
system. I requested a renewal yesterday but today it is not yet done. So
let's hope it is done when I wake up or during the day.
The chain is incomplete causing some requests to fail, see
https://www.ssllabs.com/ssltest/analyze.html?d=www.ovirt.org&latest
You can replicate it by using curl on the command line. Browsers often
have the chain cached and don't see the problem.
11:26 a.m.
Content preview: On Mon, Jun 12, 2017 at 12:03:46PM +0200, Ewoud Kohl van Wijngaarden
wrote: >On Wed, Jun 07, 2017 at 02:55:06AM +0900, Marc Dequènes (Duck) wrote:
> Quack, >> >> So the Digicert system does not warn you
about all certs
but only if you >> were configured to be in some access
list at creation or
renewal time. I >> was not in RH when www.ovirt.org cert was issued, so…
> >> Fortunately I was kindly warned by another guy having
access to the
> system. I requested a renewal yesterday but today it is not yet done.
So
>> let's hope it is done when I wake up or during the day. > > The chain
is incomplete causing some requests to fail, see >
https://www.ssllabs.com/ssltest/analyze.html?d=www.ovirt.org&latest
> You can replicate it by using curl on the command line. Browsers
often
have the chain cached and don't see the problem. [...]
Content analysis details: (-1.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
X-SA-Exim-Connect-IP: 2a02:1398:804::199
X-SA-Exim-Mail-From: ewoud+ovirt(a)kohlvanwijngaarden.nl
X-SA-Exim-Scanned: No (on mail.xentower.nl); SAEximRunCond expanded to false
X-BeenThere: infra(a)ovirt.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "List for ovirt.org infrastructure team" <infra.ovirt.org>
List-Unsubscribe: <http://lists.ovirt.org/mailman/options/infra>;,
<mailto:infra-request@ovirt.org?subject=unsubscribe>
List-Archive: <http://lists.ovirt.org/pipermail/infra/>
List-Post: <mailto:infra@ovirt.org>
List-Help: <mailto:infra-request@ovirt.org?subject=help>
List-Subscribe: <http://lists.ovirt.org/mailman/listinfo/infra>;,
<mailto:infra-request@ovirt.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Jun 2017 08:26:30 -0000
On Mon, Jun 12, 2017 at 12:03:46PM +0200, Ewoud Kohl van Wijngaarden wrote:
On Wed, Jun 07, 2017 at 02:55:06AM +0900, Marc Dequènes (Duck) wrote:
> Quack,
>
> So the Digicert system does not warn you about all certs but only if you
> were configured to be in some access list at creation or renewal time. I
> was not in RH when www.ovirt.org cert was issued, so…
>
> Fortunately I was kindly warned by another guy having access to the
> system. I requested a renewal yesterday but today it is not yet done. So
> let's hope it is done when I wake up or during the day.
The chain is incomplete causing some requests to fail, see
https://www.ssllabs.com/ssltest/analyze.html?d=www.ovirt.org&latest
You can replicate it by using curl on the command line. Browsers often
have the chain cached and don't see the problem.
This is still an issue.
2710
days inactive
2722
days old
2 comments
2 participants
participants (2)
-
Ewoud Kohl van Wijngaarden -
Marc Dequènes (Duck)