[colug-432] expired keys
Rob Funk
rfunk at funknet.net
Tue Jul 12 17:01:09 EDT 2016
Vince Herried wrote:
> messing with sendmail a google pointed me to a .mil web site
> when I go peek I get a warning about an expired key ( think that was the message
> )
> Is this an example of our stupid goverment IT organizations ?
I would assume that military and civilian government IT are completely
different. It's likely to be a different kind of stupid.
> here is the site that google pointed me to...
> https://www.hpc.mil/index.php/2013-08-29-16-03-23/networking-overview/2013-10-03
> -17-24-38/ipv6-knowledge-base-infrastructure/sendmail-and-ipv6
openssl s_client -connect www.hpc.mil:443
Shows me this certificate chain:
0 s:/C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=OSD/CN=www.hpc.mil
i:/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD CA-28
1 s:/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD CA-28
i:/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
2 s:/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
i:/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 2
That last one is self-signed. Most likely the people who use such
sites often are set up to accept it.
(When I look at it in Firefox I get an Unknown Issuer error.)
> kind of funny it is titled with ....; modernization program .....
Modernization and sendmail in the same document? Oh my.
More information about the colug-432
mailing list