Date: Wed, 31 Mar 2021 13:26:02 +0200 From: Jochen Neumeister <joneum@FreeBSD.org> To: Christoph Moench-Tegeder <cmt@burggraben.net>, freebsd-current@freebsd.org Subject: Re: Blacklisted certificates Message-ID: <b8135fce-1e3e-fce5-4be8-32cd4931cb51@FreeBSD.org> In-Reply-To: <YGRWvWRP0DifBj%2Bm@elch.exwg.net> References: <a201a652-cd77-17a7-03a5-2715920d1d3e@FreeBSD.org> <YGRWvWRP0DifBj%2Bm@elch.exwg.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 31.03.21 um 13:02 schrieb Christoph Moench-Tegeder: > ## Jochen Neumeister (joneum@FreeBSD.org): > >> Why are this certificates blacklisted? > Various reasons: > - Symantec (which owned Thawte and VeriSign back in the time) made > the news in a bad way: > https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/ > - some certificates are simply expired > - some certificates use SHA-1 ("sha1WithRSAEncryption") which is > beyond deprecated > - and basically "whatever Mozilla did", as the certificates are > imported from NSS. how can I ignore the certificates now? So now everyone has this problem with an update Greetings Jochen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b8135fce-1e3e-fce5-4be8-32cd4931cb51>