I'm running a firefox plugin called certpartol which alerts me to unusual ssl cert changes.
The existing cert signed by GeoTrust, Inc. wasn't set to expire until 2016-07-19 02:17:12. The new cert is signed by DigiCert Inc.
I just want to make sure this is an intentional change and not a fake cert.
I took a screenshot of the certpatrol warning @ http://img204.imageshack.us/img204/8463/screenshot20111220at953.png
On Tue, Dec 20, 2011 at 9:18 AM, Michael Becker spammb@gmail.com wrote:
I just want to make sure this is an intentional change and not a fake cert.
01:04 Ryan_Lane: switching ssl certificate to digicert certificate for wikipedia 00:46 Ryan_Lane: enabling https for *.m.wikipedia.org 00:46 Ryan_Lane: repooling ssl1001 00:28 Ryan_Lane: restarted pybal on lvs1004 for mobile ssl and mobile svc services 00:27 Ryan_Lane: make that lvs1001 00:27 Ryan_Lane: restarted pybal on ssl1001 for mobile ssl and mobile svc services 00:15 Ryan_Lane: depooling ssl1001 for testing 00:15 LeslieCarr: depooling and restarting ssl1001 withnew cert 00:14 LeslieCarr: pushing out new digicert certificate for *.wikipedia.org
http://wikitech.wikimedia.org/view/Server_admin_log
So, yes, likely intentional.
On 20/12/11 16:18, Michael Becker wrote:
I'm running a firefox plugin called certpartol which alerts me to unusual ssl cert changes.
The existing cert signed by GeoTrust, Inc. wasn't set to expire until 2016-07-19 02:17:12. The new cert is signed by DigiCert Inc.
I just want to make sure this is an intentional change and not a fake cert.
I took a screenshot of the certpatrol warning @ http://img204.imageshack.us/img204/8463/screenshot20111220at953.png
It's legitimate. The certificate was changed last week to a new one which also supports *.m.wikipedia.org
Old certificate (rapidssl):
SHA1: 75 B7 57 24 74 3F F9 3D 6D F4 7F 5C 5A 8C 65 5A 8F 28 1B C2 MD5: 8B FE CE DA 58 76 48 71 EF 0C EE 1C BD D6 19 6F
New certificate (digicert):
SHA1: 03 47 7F F5 F6 3B F5 B6 10 C0 7D 65 9A 7B A9 12 D3 20 83 68 MD5: C0 C8 F7 A0 33 20 A2 D4 2E 27 65 73 42 4C A0 24
Although I could be a moron which trojanised your connection and is trying to fool you ;)
It _should_ be possible to confirm this by looking at the Server Admin Log entries of 13 December:
00:15 LeslieCarr: depooling and restarting ssl1001 withnew cert 00:14 LeslieCarr: pushing out new digicert certificate for *.wikipedia.org
if only wikitech wasn't using an expired self-signed certificate...
On Tue, Dec 20, 2011 at 7:37 AM, Platonides Platonides@gmail.com wrote:
On 20/12/11 16:18, Michael Becker wrote:
I'm running a firefox plugin called certpartol which alerts me to unusual ssl cert changes.
The existing cert signed by GeoTrust, Inc. wasn't set to expire until 2016-07-19 02:17:12. The new cert is signed by DigiCert Inc.
I just want to make sure this is an intentional change and not a fake cert.
I took a screenshot of the certpatrol warning @ http://img204.imageshack.us/img204/8463/screenshot20111220at953.png
It's legitimate. The certificate was changed last week to a new one which also supports *.m.wikipedia.org
Platonides explained it perfectly :) You will also notice a change in the near-ish term future when we switch to a cert with a different certificate.
I have now installed Certpatrol -- awesome plugin!
On Tue, Dec 20, 2011 at 10:15 AM, Leslie Carr lcarr@wikimedia.org wrote:
On Tue, Dec 20, 2011 at 7:37 AM, Platonides Platonides@gmail.com wrote:
On 20/12/11 16:18, Michael Becker wrote:
I'm running a firefox plugin called certpartol which alerts me to unusual ssl cert changes.
The existing cert signed by GeoTrust, Inc. wasn't set to expire until 2016-07-19 02:17:12. The new cert is signed by DigiCert Inc.
I just want to make sure this is an intentional change and not a fake cert.
I took a screenshot of the certpatrol warning @ http://img204.imageshack.us/img204/8463/screenshot20111220at953.png
It's legitimate. The certificate was changed last week to a new one which also supports *.m.wikipedia.org
Platonides explained it perfectly :) You will also notice a change in the near-ish term future when we switch to a cert with a different certificate.
different expiration date, not a different certificate.
Going to go find coffee now...
I have now installed Certpatrol -- awesome plugin!
-- Leslie Carr Wikimedia Foundation AS 14907, 43821
wikitech-l@lists.wikimedia.org