[Gluster-infra] certificates for www.gluster.org and download.gluster.org
Michael Scherer
mscherer at redhat.com
Wed Sep 5 15:32:13 UTC 2018
Le mercredi 05 septembre 2018 à 15:26 +1000, Danil Mashonkin a écrit :
> Hi,
>
>
> There is an enquiry to clarify the situation with DigiCert vs Let's
> encrypt.
Hi Danil,
I did answer to you in private with the complete details and timeline
regarding why this did happen, but yes, we are using LE, so no need
for download.gluster.org certificates.
> We have two certificates issued for download.gluster.org and looks
> like
> none of them in use.
>
> +Order #
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=order>Order
> Date
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=date>Common
> Name
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=domain>
> StatusValidity
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=lifetime>
> Product
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=product>
> Expires
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=expires>
> + 00761150
> <https://www.digicert.com/enterprise/order-details.php?order_id=00761
> 150> 15
> Sep 2015 download.gluster.org Renewed 3 Years Standard SSL 19 Sep
> 2018
> + 03361764
> <https://www.digicert.com/enterprise/order-details.php?order_id=03361
> 764> 27
> Aug 2018 download.gluster.org Active 2 Years Standard SSL 16 Oct 2020
> $ echo -n|openssl s_client -showcerts -crlf -connect
> download.gluster.org:443 2>/dev/null|openssl x509 -text -noout
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> 03:ce:c4:05:2a:a1:1f:3e:f9:cf:36:7f:39:04:a1:7a:17:6c
> Signature Algorithm: sha256WithRSAEncryption
> Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
> Validity
> Not Before: Aug 3 02:46:08 2018 GMT
> Not After : Nov 1 02:46:08 2018 GMT
> Subject: CN=download.gluster.org
>
> and www.gluster.org reirect to gluster.wpengine.com
>
> $ dig www.gluster.org
>
> ;; ANSWER SECTION:
> www.gluster.org. 300 IN CNAME gluster.wpengine.com.
> gluster.wpengine.com. 120 IN A 35.197.52.145
>
> And DigiCerts says:
>
> Order #
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=order>Order
> Date
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=date>Common
> Name
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=domain>
> StatusValidity
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=lifetime>
> Product
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=product>
> Expires
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=expires>
> + 00761149
> <https://www.digicert.com/enterprise/order-details.php?order_id=00761
> 149> 15
> Sep 2015 www.gluster.org Renewed 3 Years Multi-Domain SSL 19 Sep 2018
> + 03361710
> <https://www.digicert.com/enterprise/order-details.php?order_id=03361
> 710> 27
> Aug 2018 www.gluster.org Active 2 Years Multi-Domain SSL 16 Oct 2020
> So, question is do we really need to keep these DigiCert certificates
> if
> they are not in use?
>
> Thank you.
> _______________________________________________
> Gluster-infra mailing list
> Gluster-infra at gluster.org
> https://lists.gluster.org/mailman/listinfo/gluster-infra
--
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.gluster.org/pipermail/gluster-infra/attachments/20180905/5aab6582/attachment.sig>
More information about the Gluster-infra
mailing list