Cert list: Add pointer to crt.sh

author: Guilhem Moulin <guilhem.moulin@fripost.org> 2015-12-20 12:53:39 +0100
committer: Guilhem Moulin <guilhem.moulin@fripost.org> 2015-12-20 12:53:39 +0100
commit: 76c499fb2417669f0c17a0aea0d9139aeb971146 (patch)
tree: d4e24e87eb012a45c11af4307e8df087287e4bde /website/certs.mdwn
parent: 08f92236e02ffd200af10fc10a7991f317275313 (diff)
1 files changed, 43 insertions, 44 deletions
diff --git a/website/certs.mdwn b/website/certs.mdwn
index a207d07..30cd9b3 100644
--- a/website/certs.mdwn
+++ b/website/certs.mdwn
@@ -1,13 +1,19 @@
 # Certificates at Fripost
 
-The following is an up-to date list of SHA-1 and SHA-256 fingerprints of all
-X.509 certificates Fripost uses on its publicly available services.  Please
-consider any mismatch as a man-in-the-middle attack, and let us know
-immediately!  (See also the [[signed version of this page|certs.asc]].)
+The following is an up-to date list of SHA-1 and SHA-256 fingerprints of
+all SPKI (Subject Public Key Info) of each X.509 certificate Fripost
+uses on its publicly available services.  Please consider any mismatch
+as a man-in-the-middle attack, and let us know immediately!  (See also
+the [[signed version of this page|certs.asc]].)
 -- [[admin@fripost.org|mailto:admin@fripost.org]]
 
 
-All our X.509 certificates are available in PEM format under our
+These certificates are all issued by the [[Let’s Encrypt Certificate
+Authority|https://letsencrypt.org]], and are submitted to [[Certificate
+Transparency logs|https://www.certificate-transparency.org].
+You can view all issued Let’s Encrypt certificates at
+[[crt.sh|https://crt.sh/?Identity=%25fripost.org&iCAID=7395]].
+Our X.509 certificates are also available in PEM format under our
 [[Git repository|https://git.fripost.org/fripost-ansible/tree/certs/public]],
 from which this fingerprint list was [[generated|https://git.fripost.org/fripost-ansible/tree/certs/gencerts.sh]], at
 [[Commit ID 03bc468 from Wed, 2 Dec 2015 23:14:30 +0100|https://git.fripost.org/fripost-ansible/tree/certs/public?id=03bc468e0dab47c9720d3ffa78ab3880d11870b5]].
@@ -17,68 +23,68 @@ from which this fingerprint list was [[generated|https://git.fripost.org/fripost
 
     imap.fripost.org:993 (IMAP over SSL), sieve.fripost.org:4190 (ManageSieve, STARTTLS)
 
-        X.509 SHA1   D0:05:4C:E8:72:BE:24:5A:03:5B:7E:FC:40:B6:5A:AD:3F:38:8A:7C
-        X.509 SHA256 38:7C:C5:36:C1:D1:87:7B:63:3D:EE:76:11:3D:D9:E7:2E:BE:54:13:F3:15:FE:3B:58:3D:0A:2F:6B:6F:58:04
-        PKey  SHA1   79:EE:C2:1B:9B:5A:67:D8:1F:DF:D2:F5:2A:A3:68:EB:02:FF:5A:F2
-        PKey  SHA256 60:DB:17:31:FC:F1:F8:60:DE:7E:84:C1:A2:C4:8C:B9:CD:ED:00:47:50:B2:1F:BF:67:61:6B:13:E8:AD:7D:E5
+        X.509: https://crt.sh/?spkisha1=79eec21b9b5a67d81fdfd2f52aa368eb02ff5af2&iCAID=7395
+        SPKI:
+          SHA1   79:EE:C2:1B:9B:5A:67:D8:1F:DF:D2:F5:2A:A3:68:EB:02:FF:5A:F2
+          SHA256 60:DB:17:31:FC:F1:F8:60:DE:7E:84:C1:A2:C4:8C:B9:CD:ED:00:47:50:B2:1F:BF:67:61:6B:13:E8:AD:7D:E5
 
  * SMTP servers (STARTTLS)
 
     smtp.fripost.org:587 (Mail Submission Agent)
 
-        X.509 SHA1   31:86:3C:FF:9B:DB:28:48:21:F4:68:3D:43:43:98:94:35:74:93:20
-        X.509 SHA256 3E:56:98:15:A2:5A:DA:FA:62:80:6F:08:E0:8E:20:C7:89:E0:E6:9C:5B:25:10:2D:52:80:E8:DB:AC:0A:1B:81
-        PKey  SHA1   A7:DB:17:4B:55:94:7B:8F:BB:90:5F:BC:48:CC:99:FD:29:73:C7:D8
-        PKey  SHA256 A2:72:6E:C6:51:4D:66:70:AA:F4:90:08:C1:7A:3F:28:F9:2E:E9:81:E5:30:D1:0E:19:D6:84:7C:EA:A3:C9:05
+        X.509: https://crt.sh/?spkisha1=a7db174b55947b8fbb905fbc48cc99fd2973c7d8&iCAID=7395
+        SPKI:
+          SHA1   A7:DB:17:4B:55:94:7B:8F:BB:90:5F:BC:48:CC:99:FD:29:73:C7:D8
+          SHA256 A2:72:6E:C6:51:4D:66:70:AA:F4:90:08:C1:7A:3F:28:F9:2E:E9:81:E5:30:D1:0E:19:D6:84:7C:EA:A3:C9:05
 
 
     mx1.fripost.org:25 (1st Mail eXchange)
 
-        X.509 SHA1   80:09:E6:ED:2A:F4:0A:45:D2:EE:16:72:29:70:27:C5:3B:DC:0B:75
-        X.509 SHA256 9E:FD:43:FD:0E:7A:91:B6:F5:10:EF:CA:25:F7:1B:73:1A:83:40:92:F6:04:DC:E7:48:8A:21:EC:93:35:6B:46
-        PKey  SHA1   DF:D7:33:FB:96:EC:39:58:4E:31:05:35:E0:DF:EA:59:27:90:D4:0D
-        PKey  SHA256 63:C2:A1:DC:E0:BC:20:A6:CD:E1:6E:AE:1C:EC:71:CF:42:27:0D:1E:46:0F:03:9D:C2:FD:EA:1E:27:48:70:BA
+        X.509: https://crt.sh/?spkisha1=dfd733fb96ec39584e310535e0dfea592790d40d&iCAID=7395
+        SPKI:
+          SHA1   DF:D7:33:FB:96:EC:39:58:4E:31:05:35:E0:DF:EA:59:27:90:D4:0D
+          SHA256 63:C2:A1:DC:E0:BC:20:A6:CD:E1:6E:AE:1C:EC:71:CF:42:27:0D:1E:46:0F:03:9D:C2:FD:EA:1E:27:48:70:BA
 
 
     mx2.fripost.org:25 (2nd Mail eXchange)
 
-        X.509 SHA1   66:F4:09:87:8E:F1:FA:A6:5B:E0:91:B3:17:A5:77:95:B0:58:A8:35
-        X.509 SHA256 AF:97:80:7A:6F:29:AF:59:53:13:7F:11:C3:04:17:9F:70:F0:6A:28:E5:A4:C9:E3:23:EC:94:72:0E:65:1F:0A
-        PKey  SHA1   A0:85:B9:51:9F:F1:71:3C:F6:61:C1:6A:7E:DC:F4:91:8A:64:32:11
-        PKey  SHA256 93:07:B7:87:81:24:E4:E7:9F:98:71:EE:88:CB:9D:4A:82:EA:9E:7C:27:06:5A:21:A8:1D:90:25:67:A8:D2:7A
+        X.509: https://crt.sh/?spkisha1=a085b9519ff1713cf661c16a7edcf4918a643211&iCAID=7395
+        SPKI:
+          SHA1   A0:85:B9:51:9F:F1:71:3C:F6:61:C1:6A:7E:DC:F4:91:8A:64:32:11
+          SHA256 93:07:B7:87:81:24:E4:E7:9F:98:71:EE:88:CB:9D:4A:82:EA:9E:7C:27:06:5A:21:A8:1D:90:25:67:A8:D2:7A
 
  * Web servers
 
     fripost.org:443 (website), wiki.fripost.org:443 (wiki)
 
-        X.509 SHA1   5A:A1:E3:12:A0:24:E9:06:D3:85:08:7B:32:F6:CB:D3:2F:9B:EC:16
-        X.509 SHA256 D1:9D:94:B7:4A:B7:FE:F8:E0:75:17:04:2D:86:6A:91:58:61:6C:AD:65:C4:02:A9:C1:B1:30:33:C5:D5:57:58
-        PKey  SHA1   B8:CB:E1:30:7E:BA:03:C3:DB:BE:BF:65:FD:80:68:F8:D3:E0:1C:7D
-        PKey  SHA256 7D:0F:A0:6A:EE:F6:8B:03:9F:EA:B9:97:BD:8E:FF:41:E9:81:FA:46:21:8B:13:C2:63:F0:3F:10:8A:F7:6A:DB
+        X.509: https://crt.sh/?spkisha1=b8cbe1307eba03c3dbbebf65fd8068f8d3e01c7d&iCAID=7395
+        SPKI:
+          SHA1   B8:CB:E1:30:7E:BA:03:C3:DB:BE:BF:65:FD:80:68:F8:D3:E0:1C:7D
+          SHA256 7D:0F:A0:6A:EE:F6:8B:03:9F:EA:B9:97:BD:8E:FF:41:E9:81:FA:46:21:8B:13:C2:63:F0:3F:10:8A:F7:6A:DB
 
 
     mail.fripost.org:443 (webmail)
 
-        X.509 SHA1   29:57:E5:E3:88:31:FC:0F:E5:77:0F:38:D4:45:F3:1B:AA:E6:D4:E0
-        X.509 SHA256 45:BD:5D:DB:FF:7F:D0:45:E3:48:BA:A7:48:32:13:21:0A:EA:A1:93:A2:0B:C1:FE:4A:5B:24:6E:8A:DF:C4:1D
-        PKey  SHA1   4F:E7:42:40:98:35:51:CF:93:65:EF:F2:D1:7C:3C:46:60:64:2C:30
-        PKey  SHA256 48:77:E7:88:C1:1A:A7:17:98:A3:96:13:FF:68:CF:FA:7F:96:B2:D3:5A:62:08:43:32:16:54:69:D2:E5:3C:39
+        X.509: https://crt.sh/?spkisha1=4fe74240983551cf9365eff2d17c3c4660642c30&iCAID=7395
+        SPKI:
+          SHA1   4F:E7:42:40:98:35:51:CF:93:65:EF:F2:D1:7C:3C:46:60:64:2C:30
+          SHA256 48:77:E7:88:C1:1A:A7:17:98:A3:96:13:FF:68:CF:FA:7F:96:B2:D3:5A:62:08:43:32:16:54:69:D2:E5:3C:39
 
 
     lists.fripost.org:443 (list manager)
 
-        X.509 SHA1   C8:A6:A2:C9:9D:54:82:13:5F:DE:4C:29:D6:89:46:A0:24:9A:0B:44
-        X.509 SHA256 66:6A:50:D1:1E:39:AC:22:21:FD:6D:E5:B7:60:EE:21:9E:AA:FF:E2:DC:91:91:01:5C:E6:E6:05:A6:44:6C:83
-        PKey  SHA1   E9:45:89:19:95:44:B1:C7:61:C1:75:4B:A1:3F:8C:38:D4:10:A5:33
-        PKey  SHA256 38:BC:75:84:E1:2A:9C:27:52:FF:B6:60:CD:3C:C0:97:C2:20:FC:2C:29:CF:93:18:F4:9F:45:8A:C8:60:EB:FD
+        X.509: https://crt.sh/?spkisha1=e94589199544b1c761c1754ba13f8c38d410a533&iCAID=7395
+        SPKI:
+          SHA1   E9:45:89:19:95:44:B1:C7:61:C1:75:4B:A1:3F:8C:38:D4:10:A5:33
+          SHA256 38:BC:75:84:E1:2A:9C:27:52:FF:B6:60:CD:3C:C0:97:C2:20:FC:2C:29:CF:93:18:F4:9F:45:8A:C8:60:EB:FD
 
 
     git.fripost.org:443 (git server and its web interface)
 
-        X.509 SHA1   BF:69:8F:8D:57:09:5C:F1:CA:3D:45:33:7C:5B:75:65:F3:0B:94:EA
-        X.509 SHA256 AB:7F:65:FC:9E:F5:B8:0E:15:3C:C7:DB:74:D2:24:D4:6E:47:A7:E9:43:57:D8:4B:A4:CC:8F:1F:42:DE:46:CD
-        PKey  SHA1   02:D7:7C:F0:16:F4:55:0D:C3:6B:A1:C4:B6:95:1B:65:26:64:C8:28
-        PKey  SHA256 1C:EA:22:5E:00:BB:B6:89:73:67:7D:5B:EB:95:33:6C:02:A1:A4:20:80:EC:8D:22:35:D3:BB:34:4B:8B:D2:55
+        X.509: https://crt.sh/?spkisha1=02d77cf016f4550dc36ba1c4b6951b652664c828&iCAID=7395
+        SPKI:
+          SHA1   02:D7:7C:F0:16:F4:55:0D:C3:6B:A1:C4:B6:95:1B:65:26:64:C8:28
+          SHA256 1C:EA:22:5E:00:BB:B6:89:73:67:7D:5B:EB:95:33:6C:02:A1:A4:20:80:EC:8D:22:35:D3:BB:34:4B:8B:D2:55
 
  * SSH server
 
@@ -86,10 +92,3 @@ from which this fingerprint list was [[generated|https://git.fripost.org/fripost
 
         RSA    MD5:0b:e5:47:44:71:cb:41:7d:1e:1b:25:bc:28:e8:c3:a2
         RSA SHA256:zNZXfa/okPm/tV9dl3gNlizfXAghrMSgrcwICiWx+80
-
-
-If your SSL/TLS-capable client is able to validate the public key
-fingerprint of the remote peer certificate, then you should probably use
-this (the above values prefixed with "PKey") instead of the fingerprint
-of the certificate instead (the above values prefixed with "X.509"),
-since the former typically doesn't change upon certificate renewal.
author	Guilhem Moulin <guilhem.moulin@fripost.org>	2015-12-20 12:53:39 +0100
committer	Guilhem Moulin <guilhem.moulin@fripost.org>	2015-12-20 12:53:39 +0100
commit	76c499fb2417669f0c17a0aea0d9139aeb971146 (patch)
tree	d4e24e87eb012a45c11af4307e8df087287e4bde /website/certs.mdwn
parent	08f92236e02ffd200af10fc10a7991f317275313 (diff)