| Summary: | Some hosts on *.gentoo.org have unneccessary cert in chain | ||
|---|---|---|---|
| Product: | Gentoo Infrastructure | Reporter: | Hanno Böck <hanno> |
| Component: | Other web server issues | Assignee: | Gentoo Infrastructure <infra-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Hanno Böck
2015-04-16 11:47:30 UTC
(In reply to Hanno Boeck from comment #0) > Several Gentoo webpages using a Digicert certificate seem to have an > unneccessary cert in the chain. See here: > https://www.ssllabs.com/ssltest/analyze.html?d=gentoo.org Hooray for the qualys bug of the month. I think it's cute how people scan 'gentoo.org' and miss the about 40 other hosts, but anyway. > > The server sends three chain certificates: The server being www and forums yes, they did. wiki.gentoo.org which you included in your original summary on the other hand already had the new CA bundle at the time of your writing. > (This should be replaced by a > sha2-version, but that's an independent issue, I'll open another bug for > that.) We got the message that sha1 is phased out, and have already started updating the intermediates; so thanks, but you can skip filing that bug. So, to make that pesky warning go away, I pushed the remaining certs. (As always pending config management runs) |
