View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001526 | Main CAcert Website | website content | public | 2021-05-21 08:13 | 2021-08-06 10:14 |
Reporter | alkas | Assigned To | Ted | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | Main CAcert Website | OS | N/A | OS Version | stable |
Summary | 0001526: The Class 3 certificate expired, new one not published yet | ||||
Description | On the https://www.cacert.org/index.php?id=3 page, the old expired Class 3 certificate is still published. Users complain. | ||||
Steps To Reproduce | Go to https://www.cacert.org/index.php?id=3 and you will see the fingerprints of the deprecated Class 3 Root certificates. | ||||
Tags | Class 3, renew | ||||
Reviewed by | egal, Ted | ||||
Test Instructions | https://www.cacert.org/index.php?id=3 | ||||
|
Here is what we need to do, in order to implement the requested change, i.e. replacing on our front webpage the deprecated Class 3 Root certificate with serial number x0E by the new Class 3 Root certificate with serial number x14E228. 1. Replace the related files, hosted on our front webserver, in each of the formats these files are made available (pem, der, text) for downloading the Class 3 Root certificate. 1.1 Remove 1.1.1 Remove the file https://www.cacert.org/certs/class3_X0E.crt 1.1.2 Remove the file https://www.cacert.org/certs/class3_X0E.der 1.1.3 Remove the file https://www.cacert.org/certs/class3_X0E.txt 1.2 Add 1.2.1 Add the file CAcert_Class3Root_x14E228.crt at https://www.cacert.org/certs/ 1.2.2 Add the file CAcert_Class3Root_x14E228.der at https://www.cacert.org/certs/ 1.2.3 Add the file CAcert_Class3Root_x14E228.txt at https://www.cacert.org/certs/ Note: The files CAcert_Class3Root_x14E228.{crt,der,txt} are attached to the present note. Note: .der and .txt extensions are self-explanatory; .crt extension has been chosen to be given to the pem format file. 2. Update the HTML source code of the page at <https://www.cacert.org/index.php?id=3> 2.1 Update the hyperlinks to the Class 3 Root certificate 2.1.1 Replace certs/class3_X0E.crt by certs/CAcert_Class3Root_x14E228.crt 2.1.2 Replace certs/class3_X0E.der by certs/CAcert_Class3Root_x14E228.der 2.1.3 Replace certs/class3_X0E.txt by certs/CAcert_Class3Root_x14E228.txt Note: the change has to be applied on the canvas of the website, in order for the here above explanatory texts, enclosed in the hyperlink, to be displayed in any foreign langage, i.e. the one chosen by the visitor. 2.2 Update the displayed SHA1 and SHA256 fingerprints 2.2.1 Replace SHA256 fingerprint: F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544 by SHA256 fingerprint: 1BC5 A61A 2C0C 0132 C52B 284F 3DA0 D8DA CF71 7A0F 6C1D DF81 D80B 36EE E444 2869 2.2.2 Replace SHA1 fingerprint: A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0 by SHA1 fingerprint: D8A8 3A64 117F FD21 94FE E198 3DD2 5C7B 32A8 FFC8 2.3 Do not update As far as I know, the link <https://crl.cacert.org/class3-revoke.crl> has to stay untouched. 3. Make the new Class 3 Root certificate with serial number x14E228 used on our backend, in order for our members to be able to make their personal certificates signed by it. This is beyond the scope of this request and has probably already been done otherwise. CAcert_Class3Root_x14E228.crt (2,224 bytes)
-----BEGIN CERTIFICATE----- MIIGPTCCBCWgAwIBAgIDFOIoMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jv b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y dEBjYWNlcnQub3JnMB4XDTIxMDQxOTEyMTgzMFoXDTMxMDQxNzEyMTgzMFowVDEU MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA BfvpAgMBAAGjgfIwge8wDwYDVR0TAQH/BAUwAwEB/zBhBggrBgEFBQcBAQRVMFMw IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLkNBY2VydC5vcmcvMCwGCCsGAQUFBzAC hiBodHRwOi8vd3d3LkNBY2VydC5vcmcvY2xhc3MzLmNydDBFBgNVHSAEPjA8MDoG CysGAQQBgZBKAgMBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y Zy9jcHMucGhwMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHBzOi8vd3d3LmNhY2VydC5v cmcvY2xhc3MzLmNybDANBgkqhkiG9w0BAQ0FAAOCAgEAxh6td1y0KJvRyI1EEsC9 dnYEgyEH+BGCf2vBlULAOBG1JXCNiwzB1Wz9HBoDfIv4BjGlnd5BKdSLm4TXPcE3 hnGjH1thKR5dd3278K25FRkTFOY1gP+mGbQ3hZRB6IjDX+CyBqS7+ECpHTms7eo/ mARN+Yz5R3lzUvXs3zSX+z534NzRg4i6iHNHWqakFcQNcA0PnksTB37vGD75pQGq eSmx51L6UzrIpn+274mhsaFNL85jhX+lKuk71MGjzwoThbuZ15xmkITnZtRQs6Hh LSIqJWjDILIrxLqYHehK71xYwrRNhFb3TrsWaEJskrhveM0Os/vvoLNkh/L3iEQ5 /LnmLMCYJNRALF7I7gsduAJNJrgKGMYvHkt1bo8uIXO8wgNV7qoU4JoaB1ML30QU qGcFr0TI06FFdgK2fwy5hulPxm6wuxW0v+iAtXYx/mRkwQpYbcVQtrIDvx1CT1k5 0cQxi+jIKjkcFWHw3kBoDnCos0/ukegPT7aQnk2AbL4c7nCkuAcEKw1BAlSETkfq i5btdlhh58MhewZv1LcL5zQyg8w1puclT3wXQvy8VwPGn0J/mGD4gLLZ9rGcHDUE CokxFoWk+u5MCcVqmGbsyG4q5suS3CNslsHURfM8bQK4oLvHR8LCHEBMRcdFBn87 cSvOK6eB1kdGKLA8ymXxZp8= -----END CERTIFICATE----- CAcert_Class3Root_x14E228.txt (7,540 bytes)
Certificate: Data: Version: 3 (0x2) Serial Number: 1368616 (0x14e228) Signature Algorithm: sha512WithRSAEncryption Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org Validity Not Before: Apr 19 12:18:30 2021 GMT Not After : Apr 17 12:18:30 2031 GMT Subject: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:ab:49:35:11:48:7c:d2:26:7e:53:94:cf:43:a9: dd:28:d7:42:2a:8b:f3:87:78:19:58:7c:0f:9e:da: 89:7d:e1:fb:eb:72:90:0d:74:a1:96:64:ab:9f:a0: 24:99:73:da:e2:55:76:c7:17:7b:f5:04:ac:46:b8: c3:be:7f:64:8d:10:6c:24:f3:61:9c:c0:f2:90:fa: 51:e6:f5:69:01:63:c3:0f:56:e2:4a:42:cf:e2:44: 8c:25:28:a8:c5:79:09:7d:46:b9:8a:f3:e9:f3:34: 29:08:45:e4:1c:9f:cb:94:04:1c:81:a8:14:b3:98: 65:c4:43:ec:4e:82:8d:09:d1:bd:aa:5b:8d:92:d0: ec:de:90:c5:7f:0a:c2:e3:eb:e6:31:5a:5e:74:3e: 97:33:59:e8:c3:03:3d:60:33:bf:f7:d1:6f:47:c4: cd:ee:62:83:52:6e:2e:08:9a:a4:d9:15:18:91:a6: 85:92:47:b0:ae:48:eb:6d:b7:21:ec:85:1a:68:72: 35:ab:ff:f0:10:5d:c0:f4:94:a7:6a:d5:3b:92:7e: 4c:90:05:7e:93:c1:2c:8b:a4:8e:62:74:15:71:6e: 0b:71:03:ea:af:15:38:9a:d4:d2:05:72:6f:8c:f9: 2b:eb:5a:72:25:f9:39:46:e3:72:1b:3e:04:c3:64: 27:22:10:2a:8a:4f:58:a7:03:ad:be:b4:2e:13:ed: 5d:aa:48:d7:d5:7d:d4:2a:7b:5c:fa:46:04:50:e4: cc:0e:42:5b:8c:ed:db:f2:cf:fc:96:93:e0:db:11: 36:54:62:34:38:8f:0c:60:9b:3b:97:56:38:ad:f3: d2:5b:8b:a0:5b:ea:4e:96:b8:7c:d7:d5:a0:86:70: 40:d3:91:29:b7:a2:3c:ad:f5:8c:bb:cf:1a:92:8a: e4:34:7b:c0:d8:6c:5f:e9:0a:c2:c3:a7:20:9a:5a: df:2c:5d:52:5c:ba:47:d5:9b:ef:24:28:70:38:20: 2f:d5:7f:29:c0:b2:41:03:68:92:cc:e0:9c:cc:97: 4b:45:ef:3a:10:0a:ab:70:3a:98:95:70:ad:35:b1: ea:85:2b:a4:1c:80:21:31:a9:ae:60:7a:80:26:48: 00:b8:01:c0:93:63:55:22:91:3c:56:e7:af:db:3a: 25:f3:8f:31:54:ea:26:8b:81:59:f9:a1:d1:53:11: c5:7b:9d:03:f6:74:11:e0:6d:b1:2c:3f:2c:86:91: 99:71:9a:a6:77:8b:34:60:d1:14:b4:2c:ac:9d:af: 8c:10:d3:9f:c4:6a:f8:6f:13:fc:73:59:f7:66:42: 74:1e:8a:e3:f8:dc:d2:6f:98:9c:cb:47:98:95:40: 05:fb:e9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE Authority Information Access: OCSP - URI:http://ocsp.CAcert.org/ CA Issuers - URI:http://www.CAcert.org/class3.crt X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.18506.2.3.1 CPS: http://www.CAcert.org/cps.php X509v3 CRL Distribution Points: Full Name: URI:https://www.cacert.org/class3.crl Signature Algorithm: sha512WithRSAEncryption c6:1e:ad:77:5c:b4:28:9b:d1:c8:8d:44:12:c0:bd:76:76:04: 83:21:07:f8:11:82:7f:6b:c1:95:42:c0:38:11:b5:25:70:8d: 8b:0c:c1:d5:6c:fd:1c:1a:03:7c:8b:f8:06:31:a5:9d:de:41: 29:d4:8b:9b:84:d7:3d:c1:37:86:71:a3:1f:5b:61:29:1e:5d: 77:7d:bb:f0:ad:b9:15:19:13:14:e6:35:80:ff:a6:19:b4:37: 85:94:41:e8:88:c3:5f:e0:b2:06:a4:bb:f8:40:a9:1d:39:ac: ed:ea:3f:98:04:4d:f9:8c:f9:47:79:73:52:f5:ec:df:34:97: fb:3e:77:e0:dc:d1:83:88:ba:88:73:47:5a:a6:a4:15:c4:0d: 70:0d:0f:9e:4b:13:07:7e:ef:18:3e:f9:a5:01:aa:79:29:b1: e7:52:fa:53:3a:c8:a6:7f:b6:ef:89:a1:b1:a1:4d:2f:ce:63: 85:7f:a5:2a:e9:3b:d4:c1:a3:cf:0a:13:85:bb:99:d7:9c:66: 90:84:e7:66:d4:50:b3:a1:e1:2d:22:2a:25:68:c3:20:b2:2b: c4:ba:98:1d:e8:4a:ef:5c:58:c2:b4:4d:84:56:f7:4e:bb:16: 68:42:6c:92:b8:6f:78:cd:0e:b3:fb:ef:a0:b3:64:87:f2:f7: 88:44:39:fc:b9:e6:2c:c0:98:24:d4:40:2c:5e:c8:ee:0b:1d: b8:02:4d:26:b8:0a:18:c6:2f:1e:4b:75:6e:8f:2e:21:73:bc: c2:03:55:ee:aa:14:e0:9a:1a:07:53:0b:df:44:14:a8:67:05: af:44:c8:d3:a1:45:76:02:b6:7f:0c:b9:86:e9:4f:c6:6e:b0: bb:15:b4:bf:e8:80:b5:76:31:fe:64:64:c1:0a:58:6d:c5:50: b6:b2:03:bf:1d:42:4f:59:39:d1:c4:31:8b:e8:c8:2a:39:1c: 15:61:f0:de:40:68:0e:70:a8:b3:4f:ee:91:e8:0f:4f:b6:90: 9e:4d:80:6c:be:1c:ee:70:a4:b8:07:04:2b:0d:41:02:54:84: 4e:47:ea:8b:96:ed:76:58:61:e7:c3:21:7b:06:6f:d4:b7:0b: e7:34:32:83:cc:35:a6:e7:25:4f:7c:17:42:fc:bc:57:03:c6: 9f:42:7f:98:60:f8:80:b2:d9:f6:b1:9c:1c:35:04:0a:89:31: 16:85:a4:fa:ee:4c:09:c5:6a:98:66:ec:c8:6e:2a:e6:cb:92: dc:23:6c:96:c1:d4:45:f3:3c:6d:02:b8:a0:bb:c7:47:c2:c2: 1c:40:4c:45:c7:45:06:7f:3b:71:2b:ce:2b:a7:81:d6:47:46: 28:b0:3c:ca:65:f1:66:9f -----BEGIN CERTIFICATE----- MIIGPTCCBCWgAwIBAgIDFOIoMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jv b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y dEBjYWNlcnQub3JnMB4XDTIxMDQxOTEyMTgzMFoXDTMxMDQxNzEyMTgzMFowVDEU MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA BfvpAgMBAAGjgfIwge8wDwYDVR0TAQH/BAUwAwEB/zBhBggrBgEFBQcBAQRVMFMw IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLkNBY2VydC5vcmcvMCwGCCsGAQUFBzAC hiBodHRwOi8vd3d3LkNBY2VydC5vcmcvY2xhc3MzLmNydDBFBgNVHSAEPjA8MDoG CysGAQQBgZBKAgMBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y Zy9jcHMucGhwMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHBzOi8vd3d3LmNhY2VydC5v cmcvY2xhc3MzLmNybDANBgkqhkiG9w0BAQ0FAAOCAgEAxh6td1y0KJvRyI1EEsC9 dnYEgyEH+BGCf2vBlULAOBG1JXCNiwzB1Wz9HBoDfIv4BjGlnd5BKdSLm4TXPcE3 hnGjH1thKR5dd3278K25FRkTFOY1gP+mGbQ3hZRB6IjDX+CyBqS7+ECpHTms7eo/ mARN+Yz5R3lzUvXs3zSX+z534NzRg4i6iHNHWqakFcQNcA0PnksTB37vGD75pQGq eSmx51L6UzrIpn+274mhsaFNL85jhX+lKuk71MGjzwoThbuZ15xmkITnZtRQs6Hh LSIqJWjDILIrxLqYHehK71xYwrRNhFb3TrsWaEJskrhveM0Os/vvoLNkh/L3iEQ5 /LnmLMCYJNRALF7I7gsduAJNJrgKGMYvHkt1bo8uIXO8wgNV7qoU4JoaB1ML30QU qGcFr0TI06FFdgK2fwy5hulPxm6wuxW0v+iAtXYx/mRkwQpYbcVQtrIDvx1CT1k5 0cQxi+jIKjkcFWHw3kBoDnCos0/ukegPT7aQnk2AbL4c7nCkuAcEKw1BAlSETkfq i5btdlhh58MhewZv1LcL5zQyg8w1puclT3wXQvy8VwPGn0J/mGD4gLLZ9rGcHDUE CokxFoWk+u5MCcVqmGbsyG4q5suS3CNslsHURfM8bQK4oLvHR8LCHEBMRcdFBn87 cSvOK6eB1kdGKLA8ymXxZp8= -----END CERTIFICATE----- |
|
Please download the source-code using https://secure.cacert.org/src-lic.php Extract the file /cacert/pages/index/3.php and do the changes in HTML-code there and attach this updated file (or diff) to you (next) note regarding this bug so we can do the review ... ;-) (If I do the changes, it will get complicated to get the necessary two reviews ... ;-( ) |
|
And who is going to push the new certificate files into https://www.cacert.org/certs/ ? Bienvenue à CAcert.org.html (8,404 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Bienvenue à CAcert.org</title> <link rel="stylesheet" href="/styles/default.css" type="text/css"> <link href="http://blog.CAcert.org/feed/" rel="alternate" type="application/rss+xml" title="rss"> <script language="JavaScript" type="text/javascript"> function explode(e) { if (document.getElementById(e).style.display == 'none') { document.getElementById(e).style.display = 'block'; } else { document.getElementById(e).style.display = 'none'; } } function hideall() { var Nodes = document.getElementsByTagName('ul') var max = Nodes.length for(var i = 0;i < max;i++) { var nodeObj = Nodes.item(i) if (nodeObj.className == "menu" && nodeObj.id != "recom") { nodeObj.style.display = 'none'; } } } </script> </head> <body onload="hideall();"> <div id="pagecell1"> <div id="pageName"><br> <div id="pageLogo"><a href="http://www.cacert.org"><img src="/images/cacert4.png" border="0" alt="CAcert.org logo"></a></div> <div id="googlead"><h2>Certificats numériques gratuits !</h2></div> </div> <div id="pageNav"> <div class="relatedLinks"> <h3>S'inscrire à CAcert.org</h3> <a href="https://www.cacert.org/index.php?id=1">S'inscrire</a> <a href="/policy/CAcertCommunityAgreement.html">Accord communautaire</a> <a href="/index.php?id=3">Certificats racine</a> </div> <div class="relatedLinks"> <h3 class="pointer">Mon compte</h3> <a href="https://www.cacert.org/index.php?id=4">Identification par mot de passe</a> <a href="https://www.cacert.org/index.php?id=5">Mot de passe perdu</a> <a href="https://www.cacert.org/index.php?id=4&noauto=1">Connexion depuis un Cyber Café</a> <a href="https://secure.cacert.org/index.php?id=4">Connexion par certificat</a> </div> <div class="relatedLinks"> <h3 class="pointer" onclick="explode('misc')">+ À propos de CAcert.org</h3> <ul class="menu" id="misc"> <li><a href="http://blog.cacert.org/">Dernières informations sur CAcert</a></li> <li><a href="http://wiki.CAcert.org/">Documentation Wiki</a></li> <li><a href="/policy/">Procédures applicables</a></li> <li><a href="//wiki.cacert.org/FAQ/Privileges">Système de points</a></li> <li><a href="http://bugs.CAcert.org/">Base de données des bugs</a></li> <li><a href="/stats.php">Les statistiques de CAcert</a></li> <li><a href="http://blog.CAcert.org/feed/">Flux RSS</a></li> <li><a href="//wiki.cacert.org/Board">Conseil d'administration de CAcert</a></li> <li><a href="https://lists.cacert.org/wws">Listes de diffusion</a></li> <li><a href="/src-lic.php">Code source</a></li> </ul> </div> <div class="relatedLinks"> <h3 class="pointer" onclick="explode('trans')">+ Traductions</h3> <ul class="menu" id="trans"><li><a href="/index.php?id=3&lang=ar">العربية</a></li><li><a href="/index.php?id=3&lang=bg">Български</a></li><li><a href="/index.php?id=3&lang=cs">Čeština</a></li><li><a href="/index.php?id=3&lang=da">Dansk</a></li><li><a href="/index.php?id=3&lang=de">Deutsch</a></li><li><a href="/index.php?id=3&lang=el">Ελληνικά</a></li><li><a href="/index.php?id=3&lang=en">English</a></li><li><a href="/index.php?id=3&lang=es">Español</a></li><li><a href="/index.php?id=3&lang=fi">Suomi</a></li><li><a href="/index.php?id=3&lang=fr">Français</a></li><li><a href="/index.php?id=3&lang=hu">Magyar</a></li><li><a href="/index.php?id=3&lang=it">Italiano</a></li><li><a href="/index.php?id=3&lang=ja">日本語</a></li><li><a href="/index.php?id=3&lang=lv">Latviešu</a></li><li><a href="/index.php?id=3&lang=nl">Nederlands</a></li><li><a href="/index.php?id=3&lang=pl">Polski</a></li><li><a href="/index.php?id=3&lang=pt">Português</a></li><li><a href="/index.php?id=3&lang=pt-br">Português Brasileiro</a></li><li><a href="/index.php?id=3&lang=ru">Русский</a></li><li><a href="/index.php?id=3&lang=sv">Svenska</a></li><li><a href="/index.php?id=3&lang=tr">Türkçe</a></li><li><a href="/index.php?id=3&lang=zh-cn">中文(简体)</a></li><li><a href="/index.php?id=3&lang=zh-tw">中文(臺灣)</a></li></ul> </div> <div class="relatedLinks"> <h3 class="pointer" onclick="explode('recom')">Publicité</h3> <ul class="menu" id="recom"></ul> </div> </div> <div id="content"> <div class="story"> <p>Vous êtes lié par la <a href='/policy/RootDistributionLicense.html'> Licence de distribution des certificats Racine (Root Distribution Licence) </a> pour pouvoir redistribuer les certificats racines de CAcert.</p> <h3>Clé PKI de classe 1</h3> <ul class="no_indent"> <li><a href="certs/root_X0F.crt">Certificat racine (format PEM)</a></li> <li><a href="certs/root_X0F.der">Certificat racine (format DER)</a></li> <li><a href="certs/root_X0F.txt">Certificat racine (Format Texte)</a></li> <li><a href="https://crl.cacert.org/revoke.crl">CRL</a></li> <li>SHA256 fingerprint: 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5</li> <li>SHA1 fingerprint: DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5</li> </ul> <h3>Clé PKI de classe 3</h3> <ul class="no_indent"> <li><a href="certs/CAcert_Class3Root_x14E228.crt">Certificat Intermédiaire (Format PEM)</a></li> <li><a href="certs/CAcert_Class3Root_x14E228.der">Certificat Intermédiaire (Format DER)</a></li> <li><a href="certs/CAcert_Class3Root_x14E228.txt">Certificat Intermédiaire (Format Texte)</a></li> <li><a href="https://crl.cacert.org/class3-revoke.crl">CRL</a></li> <li>SHA256 fingerprint: 1BC5 A61A 2C0C 0132 C52B 284F 3DA0 D8DA CF71 7A0F 6C1D DF81 D80B 36EE E444 2869</li> <li>SHA1 fingerprint: D8A8 3A64 117F FD21 94FE E198 3DD2 5C7B 32A8 FFC8</li> </ul> <h3>Clé GPG</h3> <ul class="no_indent"> <li><a href="certs/cacert.asc">Clé GPG de CAcert</a></li> <li>ID de clé GPG : 0x65D0FD58</li> <li>Empreinte : A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58</li> </ul> <pre> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 pub 1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA) Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58 sub 2048g/113ED0F2 2003-07-11 [expires: 2033-07-03] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFCEDLN0rsNAWXQ/VgRArhhAJ9EY1TJOzsVVuy2lL98CoKL0vnJjQCfbdBk TG1yj+lkktROGGyn0hJ5SbM= =tXoj -----END PGP SIGNATURE----- </pre> <h3>Historique</h3> <p> Un aperçu de tous les certificats CA émis peut être trouvé dans <a href="//wiki.cacert.org/Roots/StateOverview">le wiki</a>.</p> </div> </div> <div class="sponsorinfo"> Les opérations CAcert sont parrainées par <a href="http://www.bit.nl/" target="_blank"><img class="sponsorlogo" src="/images/bit.png" alt="[BIT logo]" border="0"></a> <a href="http://www.tunix.nl/" target="_blank"><img class="sponsorlogo" src="/images/tunix.png" alt="[TUNIX logo]" border="0"></a> <a href="http://www.nlnet.nl/" target="_blank"><img class="sponsorlogo" src="/images/nlnet.png" alt="[NLnet logo]" border="0"></a> <a href="http://www.openarchitecturenetwork.org/" target="_blank"><img class="sponsorlogo" src="/images/oan.png" alt="[OAN logo]" border="0"></a> </div> <div id="siteInfo"> <a href="//wiki.cacert.org/FAQ/AboutUs">À notre sujet</a> | <a href="/index.php?id=13">Dons</a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated">Adhésion à l'association</a> | <a href="/policy/PrivacyPolicy.html">Règles de confidentialité</a> | <a href="/index.php?id=51">Exposé des missions de CAcert.org</a> | <a href="/index.php?id=11">Contactez-nous</a> | ©2002-2021 par CAcert</div> </div> </body> </html> |
|
3.php corrected according to 0001526~0006005 and 0001526~0006006 3.php (3,910 bytes)
<? /* LibreSSL - CAcert web application Copyright (C) 2004-2008 CAcert Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.html'>","</a>")?></p> <h3><?=_("Class 1 PKI Key")?></h3> <ul class="no_indent"> <li><a href="certs/root_X0F.crt"><?=_("Root Certificate (PEM Format)")?></a></li> <li><a href="certs/root_X0F.der"><?=_("Root Certificate (DER Format)")?></a></li> <li><a href="certs/root_X0F.txt"><?=_("Root Certificate (Text Format)")?></a></li> <li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a></li> <li><?=_("SHA256 fingerprint:")?> 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5</li> <li><?=_("SHA1 fingerprint:")?> DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5</li> </ul> <h3><?=_("Class 3 PKI Key")?></h3> <ul class="no_indent"> <li><a href="certs/CAcert_Class3Root_x14E228.crt"><?=_("Intermediate Certificate (PEM Format)")?></a></li> <li><a href="certs/CAcert_Class3Root_x14E228.der"><?=_("Intermediate Certificate (DER Format)")?></a></li> <li><a href="certs/CAcert_Class3Root_x14E228.txt"><?=_("Intermediate Certificate (Text Format)")?></a></li> <li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a></li> <li><?=_("SHA256 fingerprint:")?> 1BC5 A61A 2C0C 0132 C52B 284F 3DA0 D8DA CF71 7A0F 6C1D DF81 D80B 36EE E444 2869</li> <li><?=_("SHA1 fingerprint:")?> D8A8 3A64 117F FD21 94FE E198 3DD2 5C7B 32A8 FFC8</li> </ul> <h3><?=_("GPG Key")?></h3> <ul class="no_indent"> <li><a href="certs/cacert.asc"><?=_("CAcert's GPG Key")?></a></li> <li><?=_("GPG Key ID:")?> 0x65D0FD58</li> <li><?=_("Fingerprint:")?> A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58</li> </ul> <?php if ( false ) { ?> /** Since we don't seem to have a way to GPG sign our current key, we have, at least temporarily, removed this. https://bugs.cacert.org/view.php?id=1305#c5784 **/ <h4><?=_("PKI fingerprint signed by the CAcert GPG Key")?></h4> <pre> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For most software, the fingerprint is reported as: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B Under MSIE the thumbprint is reported as: 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/VtRZ0rsNAWXQ/VgRAphfAJ9jh6TKBDexG0NTTUHvdNuf6O9RuQCdE5kD Mch2LMZhK4h/SBIft5ROzVU= =R/pJ -----END PGP SIGNATURE----- </pre> <?php } ?> <pre> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 pub 1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA) Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58 sub 2048g/113ED0F2 2003-07-11 [expires: 2033-07-03] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFCEDLN0rsNAWXQ/VgRArhhAJ9EY1TJOzsVVuy2lL98CoKL0vnJjQCfbdBk TG1yj+lkktROGGyn0hJ5SbM= =tXoj -----END PGP SIGNATURE----- </pre> <h3><?=_("History")?></h3> <p> <? printf(_('An overview over all CA certificates ever issued can be found in '. '%sthe wiki%s.'), '<a href="//wiki.cacert.org/Roots/StateOverview">', '</a>') ?> </p> |
|
As the diff only shows filename- and fingerprint-changes (and the fingerprints are the correct ones) the review is passed. But ... as we already published the Class-3-certificate using the name class3_2021.crt I suggest to follow this naming-convention for PEM, DER and TXT-Format, so the diff should be: $diff 33,35c33,35 < < < --- > > > 37,38c37,38 < < --- > > |
|
The reasons for choosing the name CAcert_Class3Root_x14E228.* are as follows: CAcert Class3Root x14E228 |______| |__________| |_______| | | | | | | | | ---> the serial number identifies the | | certificate without ambiguity | | | ---> the full name of the certificate is the one found | in the documentation = no ambiguity | ---> once downloaded, the CA should remain easy to identify alphabetically among other files |
|
As discussed in email communication, the naming scheme should be as proposed by @alkas. Note that there is no technical reasoning, the idea is simply that the "long" naming scheme better identifies the file's content, for system management as well as for users who'll download the file. If possible the files should also be accessible via the link https://www.cacert.org/certs/class3.*, the idea is that there is a fixed link which always points to the currently used class 3 certificate. The review is a PASS (for both variants). |
|
The page https://www.cacert.org/index.php?id=3 has been updated by Dirk with the new Class 3 Root certificate and its own SHA1 and SHA256 fingerprints. |
Date Modified | Username | Field | Change |
---|---|---|---|
2021-05-21 08:13 | alkas | New Issue | |
2021-05-21 08:13 | alkas | Tag Attached: Class 3 | |
2021-05-21 08:13 | alkas | Tag Attached: renew | |
2021-05-21 21:16 |
|
Note Added: 0006005 | |
2021-05-21 21:16 |
|
File Added: CAcert_Class3Root_x14E228.crt | |
2021-05-21 21:16 |
|
File Added: CAcert_Class3Root_x14E228.der | |
2021-05-21 21:16 |
|
File Added: CAcert_Class3Root_x14E228.txt | |
2021-05-21 21:25 | egal | Note Added: 0006006 | |
2021-05-21 21:49 |
|
Note Added: 0006007 | |
2021-05-21 21:49 |
|
File Added: Bienvenue à CAcert.org.html | |
2021-05-22 07:41 | alkas | Note Added: 0006008 | |
2021-05-22 07:41 | alkas | File Added: 3.php | |
2021-05-22 11:30 | egal | Reviewed by | => egal |
2021-05-22 11:30 | egal | Note Added: 0006009 | |
2021-05-22 11:31 | egal | Note Edited: 0006009 | |
2021-05-22 11:51 | egal | Assigned To | => Ted |
2021-05-22 11:51 | egal | Status | new => needs review & testing |
2021-05-22 11:52 | egal | Status | needs review & testing => needs review |
2021-06-09 22:44 |
|
Note Added: 0006013 | |
2021-06-12 20:59 | Ted | Note Added: 0006014 | |
2021-06-12 21:00 | Ted | Status | needs review => ready to deploy |
2021-06-12 21:00 | Ted | Reviewed by | egal => egal, Ted |
2021-08-06 09:52 |
|
Note Added: 0006049 | |
2021-08-06 10:14 |
|
Status | ready to deploy => closed |
2021-08-06 10:14 |
|
Resolution | open => fixed |
2021-08-06 10:14 |
|
Steps to Reproduce Updated |