author | Guilhem Moulin <guilhem.moulin@fripost.org> | 2015-12-03 17:38:51 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem.moulin@fripost.org> | 2015-12-03 17:38:55 +0100 |
commit | eef444ca663d373acabc00be00153e9b3ef097a8 (patch) | |
tree | 7f3366823f48738ce003b3b4bd899caabf4a50ab /website | |
parent | 2714a4f77b19b0e7a9305ad72b9cdde4d7358e50 (diff) |
Update the fingerprint list; also, add pubkey fingerprints.
The list is now automatically generated from
https://git.fripost.org/fripost-ansible/tree/certs/gencerts.sh
Diffstat (limited to 'website')
-rw-r--r-- | website/certs.asc | 119 | ||||
-rw-r--r-- | website/certs.mdwn | 102 |
2 files changed, 121 insertions, 100 deletions
diff --git a/website/certs.asc b/website/certs.asc index 5960bd9..23673a0 100644 --- a/website/certs.asc +++ b/website/certs.asc 
@@ -7,82 +7,91 @@ consider any mismatch as a man-in-the-middle attack, and let us know immediately! -- admin@fripost.org +All our X.509 certificates are available in PEM format under + + https://git.fripost.org/fripost-ansible/tree/certs/public , + +Git repository from which this fingerprint list was generated, at commit ID +03bc468 from Wed, 2 Dec 2015 23:14:30 +0100. + + * IMAP server - imap.fripost.org:993 - SHA1 8A:81:CF:C3:04:01:BC:C6:58:03:CB:4B:61:F0:C9:0B:09:51:B8:F8 - SHA256 52:BA:FF:9F:7A:6B:7B:50:51:CB:64:BE:46:72:65:8E:D6:FC:3C:CE:5B:6C:9F:9F:E0:58:00:7B:8F:13:6E:D3 + imap.fripost.org:993 (IMAP over SSL), sieve.fripost.org:4190 (ManageSieve, STARTTLS) + X.509 SHA1 8A:81:CF:C3:04:01:BC:C6:58:03:CB:4B:61:F0:C9:0B:09:51:B8:F8 + X.509 SHA256 52:BA:FF:9F:7A:6B:7B:50:51:CB:64:BE:46:72:65:8E:D6:FC:3C:CE:5B:6C:9F:9F:E0:58:00:7B:8F:13:6E:D3 + PKey SHA1 2C:E3:FB:47:F3:74:38:11:36:D6:5A:44:FF:D4:F5:45:37:96:9E:61 + PKey SHA256 C7:F6:2E:72:F6:63:98:C3:A8:CA:5E:2C:FF:EC:1B:57:A4:8B:1E:45:21:94:62:43:4E:FB:23:7A:0A:95:57:6E * SMTP servers (STARTTLS) smtp.fripost.org:587 (Mail Submission Agent) - SHA1 03:87:02:C9:6E:01:D3:AD:BC:EC:77:CC:A5:C5:37:C1:D8:C1:29:BC - SHA256 6C:89:92:3C:A2:53:E0:14:9E:14:11:17:FF:FA:EB:12:3E:BA:0A:B0:C2:BE:70:18:8C:3D:7A:69:EB:00:5E:BB + X.509 SHA1 03:87:02:C9:6E:01:D3:AD:BC:EC:77:CC:A5:C5:37:C1:D8:C1:29:BC + X.509 SHA256 6C:89:92:3C:A2:53:E0:14:9E:14:11:17:FF:FA:EB:12:3E:BA:0A:B0:C2:BE:70:18:8C:3D:7A:69:EB:00:5E:BB + PKey SHA1 C9:5F:8B:E8:56:3A:3C:B7:2D:0A:D2:B5:0F:59:0D:E1:C1:26:E7:B5 + PKey SHA256 92:BF:5E:D5:B0:4E:10:19:20:08:C4:70:D6:F3:F7:EC:5F:6E:75:D2:1F:9B:FF:4D:49:BD:B0:8A:68:90:49:BF mx1.fripost.org:25 (1st Mail eXchange) - SHA1 A5:9D:30:9A:49:4E:45:02:05:4B:D9:F8:12:8E:EE:F3:A8:CD:5C:4A - SHA256 85:C9:C3:07:D6:BB:4E:A2:66:DF:DA:3B:B8:A4:D6:B3:71:B0:48:05:DD:A6:87:83:3F:B5:3E:4F:CF:1E:30:5B + X.509 SHA1 A5:9D:30:9A:49:4E:45:02:05:4B:D9:F8:12:8E:EE:F3:A8:CD:5C:4A + X.509 SHA256 
85:C9:C3:07:D6:BB:4E:A2:66:DF:DA:3B:B8:A4:D6:B3:71:B0:48:05:DD:A6:87:83:3F:B5:3E:4F:CF:1E:30:5B + PKey SHA1 CE:37:86:CF:C8:CC:54:FA:46:93:A3:87:41:98:48:38:57:14:57:55 + PKey SHA256 51:26:BF:58:89:19:90:C1:CD:0B:15:88:22:99:94:66:00:15:D1:37:DA:46:AA:F6:E9:76:27:F9:D2:5A:EF:B4 mx2.fripost.org:25 (2nd Mail eXchange) - SHA1 67:67:D2:A6:0A:E5:8F:83:A9:85:26:01:71:80:24:C6:0B:DA:30:4F - SHA256 B1:F4:82:E9:6E:B7:B0:0A:4A:FE:BD:92:6C:8D:EE:F6:6E:8C:1B:33:D3:7A:4B:6E:FB:37:D9:21:62:99:C2:73 + X.509 SHA1 67:67:D2:A6:0A:E5:8F:83:A9:85:26:01:71:80:24:C6:0B:DA:30:4F + X.509 SHA256 B1:F4:82:E9:6E:B7:B0:0A:4A:FE:BD:92:6C:8D:EE:F6:6E:8C:1B:33:D3:7A:4B:6E:FB:37:D9:21:62:99:C2:73 + PKey SHA1 8B:FA:A2:46:4A:83:2E:B4:3F:D0:F8:95:C9:7F:1A:DD:E9:58:30:53 + PKey SHA256 8A:58:76:E6:AD:55:4A:44:FB:E8:03:F2:56:1E:98:04:23:32:EA:BD:83:20:AC:D9:6D:3C:74:69:F4:9F:02:A0 * Web servers - fripost.org:443 (website), mail.fripost.org:443 (webmail), wiki.fripost.org:443 (wiki) - SHA1 E1:82:59:FD:7F:9A:11:EF:DC:1B:46:3B:AB:9F:F6:BB:A0:E4:D4:59 - SHA256 7D:F2:7C:67:90:91:EB:5E:1E:25:D0:7B:A4:A5:72:9F:EA:20:EC:F0:74:1C:25:66:1D:72:56:A3:3B:53:D9:9A + fripost.org:443 (website), wiki.fripost.org:443 (wiki) + X.509 SHA1 E1:82:59:FD:7F:9A:11:EF:DC:1B:46:3B:AB:9F:F6:BB:A0:E4:D4:59 + X.509 SHA256 7D:F2:7C:67:90:91:EB:5E:1E:25:D0:7B:A4:A5:72:9F:EA:20:EC:F0:74:1C:25:66:1D:72:56:A3:3B:53:D9:9A + PKey SHA1 5B:D6:82:A7:D2:CB:67:54:54:CD:69:42:AA:E5:89:14:68:87:11:47 + PKey SHA256 CC:F1:F4:6C:54:29:04:05:5A:96:7E:20:8F:87:53:45:BE:CB:72:8E:40:E0:53:40:32:C0:B2:DC:E0:14:FD:BD + + mail.fripost.org:443 (webmail) + X.509 SHA1 E1:82:59:FD:7F:9A:11:EF:DC:1B:46:3B:AB:9F:F6:BB:A0:E4:D4:59 + X.509 SHA256 7D:F2:7C:67:90:91:EB:5E:1E:25:D0:7B:A4:A5:72:9F:EA:20:EC:F0:74:1C:25:66:1D:72:56:A3:3B:53:D9:9A + PKey SHA1 5B:D6:82:A7:D2:CB:67:54:54:CD:69:42:AA:E5:89:14:68:87:11:47 + PKey SHA256 CC:F1:F4:6C:54:29:04:05:5A:96:7E:20:8F:87:53:45:BE:CB:72:8E:40:E0:53:40:32:C0:B2:DC:E0:14:FD:BD lists.fripost.org:443 (list manager) - SHA1 
9B:EA:15:0C:B3:17:EC:CB:E5:38:DA:93:5C:1D:52:98:13:E4:8A:BC - SHA256 04:86:AF:AB:68:35:D2:48:0C:F3:55:54:98:5D:2A:48:69:D7:C5:B2:CC:1C:F7:6F:F8:54:25:CF:E5:91:88:21 + X.509 SHA1 9B:EA:15:0C:B3:17:EC:CB:E5:38:DA:93:5C:1D:52:98:13:E4:8A:BC + X.509 SHA256 04:86:AF:AB:68:35:D2:48:0C:F3:55:54:98:5D:2A:48:69:D7:C5:B2:CC:1C:F7:6F:F8:54:25:CF:E5:91:88:21 + PKey SHA1 50:D8:27:64:38:DF:33:D4:C0:08:02:F3:B9:B2:D6:7C:01:44:B4:32 + PKey SHA256 4E:BC:33:F9:8E:79:F8:4C:D7:AE:FA:CD:EB:BD:05:3F:96:7C:83:88:CA:AC:B5:B1:2C:E4:88:12:B2:A6:8D:18 - git.fripost.org:443 (git server), gitweb.fripost.org:443 (gitweb interface) - SHA1 70:14:8A:A0:29:8E:53:65:8E:23:CF:BA:45:F1:0F:CB:68:81:AC:B6 - SHA256 84:2A:13:7A:B2:20:25:D6:38:8C:EE:8B:BC:A2:60:C5:AC:CD:8A:6B:67:17:B4:78:7F:97:3F:DE:7B:7D:83:B2 + git.fripost.org:443 (git server and its web interface) + X.509 SHA1 70:14:8A:A0:29:8E:53:65:8E:23:CF:BA:45:F1:0F:CB:68:81:AC:B6 + X.509 SHA256 84:2A:13:7A:B2:20:25:D6:38:8C:EE:8B:BC:A2:60:C5:AC:CD:8A:6B:67:17:B4:78:7F:97:3F:DE:7B:7D:83:B2 + PKey SHA1 69:92:D4:A3:EF:57:3A:52:38:E5:9B:E1:91:0F:2D:62:FA:8B:E3:6A + PKey SHA256 4A:48:DB:F7:68:FA:C8:97:A2:8E:AA:60:F3:00:75:E2:CF:85:A2:3B:CD:DB:66:81:F8:16:46:87:41:7F:CE:E2 * SSH server - gitolite@git.fripost.org + gitolite@git.fripost.org:22 RSA MD5:0b:e5:47:44:71:cb:41:7d:1e:1b:25:bc:28:e8:c3:a2 RSA SHA256:zNZXfa/okPm/tV9dl3gNlizfXAghrMSgrcwICiWx+80 -To get the whole certificate for imap.fripost.org:993, type the following -command in a shell: - - openssl s_client -connect imap.fripost.org:993 </dev/null - -(For protocols using the STARTTLS directive such as SMTP, you'll have to call -s_client with '-starttls smtp'. Another useful option is '-showcerts', which -prints the whole server certificate chain.) - -You'll find the X.509 certificate wrapped between - - -----BEGIN CERTIFICATE----- - [...] 
- -----END CERTIFICATE----- - -If you store it (including the delimiters) into /path/to/certificate.pem, -you can then ensure that its fingerprints match the ones above: - - openssl x509 -in /path/to/certificate.pem -noout -fingerprint -sha1 - openssl x509 -in /path/to/certificate.pem -noout -fingerprint -sha256 - -Alternatively, using a pipe: +If your SSL/TLS-capable client is able to validate the public key +fingerprint of the remote peer certificate, then you should probably use +this (the above values prefixed with "PKey") instead of the fingerprint +of the certificate instead (the above values prefixed with "X.509"), +since the former typically doesn't change upon certificate renewal. - openssl s_client -connect imap.fripost.org:993 </dev/null \ - | openssl x509 -noout -fingerprint -sha256 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 -iQIcBAEBCgAGBQJV5HxgAAoJENOaSZw8IaVS+3AP/j2IK9ZBoh2YIqPhykITs15f -76jM4hcFYTA4Z2p+0g9BQUgay7JvUzyd8ymzwJ23P3RFJzMr2ep5E8/GxSKp4qE3 -tun2YT8iGUCtVC9Rf66LPEW7cLxp6x9hJoBWmsLFvxhnDudCR548BnQGPSAA/eFx -rMY6tt1D5CH8FTCxjciaNVtYKwYpHam6z2tRC87OOI0G1BfV63FEU9eE3xOsCIAM -ic10dctwpWw/uDodS4qOLuHyE9RRiuY9TbnFMJi/KIvSGxgcS0IAJpu/Emdk6g79 -X1Ot8JXaxRqv3cbHhqXbUo7UGY/VnVvFxtAda+9TiY2gz8acTfhxMly16owvnE1r -ad9L44RrWoSa71gP1Qviiid7v3iufHcc77VNs8Lq9RIty0vEzJajfKSMOO1DMeoN -POCV8y9fC6ATPSoGcibA3VZxSC/R+TjhhLmKozlpz+t2yQAXHwkwZKh0ovlywO/G -P0WYnrOaw90LCniLa72qfRALDrL1pST1hCaByc4wT4FCuSPtSUYyHGR9xGyVPkLy -2khAIwpIhNNYpzQs7INKRzBYpvkZtPJAIW6J3IY7xS7rmT71ThvnkaO+y8yAYeOd -joor4JZnVU6pxFPPKZPhtEgTM3R/wX4EUihtxJtl2MJis8/NkLL6y1tXVpOQrSBs -30MYWXh3vv7nzriSi5jO -=sR90 +iQIcBAEBCgAGBQJWYG/jAAoJENOaSZw8IaVSkTsP/ieAh948fsm3/mS0zhxaP8qT +fHajeYjBDn0+0t/HGfLceqswfQuoy4L2h7mNKJIZBlXjOjWjE6C5OSOPohWVmqQb +WUuD/KPWtcxtagIYwCDLYyHGUXbiO/WS4VAOH/NIKDBPo5UHBSrdOQcv4WNvS39f +M/k50q3O5/Hera4hTUI3WLGySkyzA9ZkYpgXI+9jlvWBSkb0qOZT+vlM9MUgeVDe +nmsiIkCPivjWcLtsJVOFBMiSvT0GfmXWnwh2DJgDGHYLqDqQks9ibHCMTFPVpyyS 
+J5F/LQ+Nbqqg6Pw+PAEi+1MiUvBt4oHp8EETSQu4hQzKp9hLMJnB3SMMwG9ahS5N +AriOQU3HxbAsVGS5JEiUi6u+V+Hm0cfL4Z5S2mrCjJkVB+1IzdAw/pF04Pmejinn +OI8gghyvu2/xGY93VMIM8BK2tU+BWPCRvpJ866ZzRskDPub2vKx3fWlveZTtKf97 +IHBF8pdpN1+JoIAC1RDDFzmpgdfato0nCIuynD57yD2qqV7uctUCJUp0yxmiUCE+ +BFndUzw2Ch6lgH+r2IYeppLrCRlEK0Mg7/R0Zo/ivuy4HNVyrcuM6Emz+3RbBnPX +vMlbVT2WY8KENym5OQZdipj5KoOky9PBB+JzXMZEOVfFTA/PYCeVtWXiEyFP85FI +IMsWchq4/RevrCzOROLP +=mUOT -----END PGP SIGNATURE----- diff --git a/website/certs.mdwn b/website/certs.mdwn index 70e5a28..797cefc 100644 --- a/website/certs.mdwn +++ b/website/certs.mdwn 
@@ -3,81 +3,93 @@ The following is an up-to date list of SHA-1 and SHA-256 fingerprints of all X.509 certificates Fripost uses on its publicly available services. Please consider any mismatch as a man-in-the-middle attack, and let us know -immediately! -- admin@fripost.org +immediately! (See also the [[signed version of this page|certs.asc]].) +-- [[admin@fripost.org|mailto:admin@fripost.org]] + + +All our X.509 certificates are available in PEM format under our +[[Git repository|https://git.fripost.org/fripost-ansible/tree/certs/public]], +from which this fingerprint list was [[generated|https://git.fripost.org/fripost-ansible/tree/certs/gencerts.sh]], at +[[Commit ID 03bc468 from Wed, 2 Dec 2015 23:14:30 +0100|https://git.fripost.org/fripost-ansible/tree/certs/public?id=03bc468e0dab47c9720d3ffa78ab3880d11870b5]]. + * IMAP server - imap.fripost.org:993 + imap.fripost.org:993 (IMAP over SSL), sieve.fripost.org:4190 (ManageSieve, STARTTLS) - SHA1 8A:81:CF:C3:04:01:BC:C6:58:03:CB:4B:61:F0:C9:0B:09:51:B8:F8 - SHA256 52:BA:FF:9F:7A:6B:7B:50:51:CB:64:BE:46:72:65:8E:D6:FC:3C:CE:5B:6C:9F:9F:E0:58:00:7B:8F:13:6E:D3 + X.509 SHA1 8A:81:CF:C3:04:01:BC:C6:58:03:CB:4B:61:F0:C9:0B:09:51:B8:F8 + X.509 SHA256 52:BA:FF:9F:7A:6B:7B:50:51:CB:64:BE:46:72:65:8E:D6:FC:3C:CE:5B:6C:9F:9F:E0:58:00:7B:8F:13:6E:D3 + PKey SHA1 2C:E3:FB:47:F3:74:38:11:36:D6:5A:44:FF:D4:F5:45:37:96:9E:61 + PKey SHA256 C7:F6:2E:72:F6:63:98:C3:A8:CA:5E:2C:FF:EC:1B:57:A4:8B:1E:45:21:94:62:43:4E:FB:23:7A:0A:95:57:6E * SMTP servers (STARTTLS) smtp.fripost.org:587 (Mail Submission Agent) - SHA1 03:87:02:C9:6E:01:D3:AD:BC:EC:77:CC:A5:C5:37:C1:D8:C1:29:BC - SHA256 6C:89:92:3C:A2:53:E0:14:9E:14:11:17:FF:FA:EB:12:3E:BA:0A:B0:C2:BE:70:18:8C:3D:7A:69:EB:00:5E:BB + X.509 SHA1 03:87:02:C9:6E:01:D3:AD:BC:EC:77:CC:A5:C5:37:C1:D8:C1:29:BC + X.509 SHA256 6C:89:92:3C:A2:53:E0:14:9E:14:11:17:FF:FA:EB:12:3E:BA:0A:B0:C2:BE:70:18:8C:3D:7A:69:EB:00:5E:BB + PKey SHA1 C9:5F:8B:E8:56:3A:3C:B7:2D:0A:D2:B5:0F:59:0D:E1:C1:26:E7:B5 + PKey 
SHA256 92:BF:5E:D5:B0:4E:10:19:20:08:C4:70:D6:F3:F7:EC:5F:6E:75:D2:1F:9B:FF:4D:49:BD:B0:8A:68:90:49:BF + mx1.fripost.org:25 (1st Mail eXchange) - SHA1 A5:9D:30:9A:49:4E:45:02:05:4B:D9:F8:12:8E:EE:F3:A8:CD:5C:4A - SHA256 85:C9:C3:07:D6:BB:4E:A2:66:DF:DA:3B:B8:A4:D6:B3:71:B0:48:05:DD:A6:87:83:3F:B5:3E:4F:CF:1E:30:5B + X.509 SHA1 A5:9D:30:9A:49:4E:45:02:05:4B:D9:F8:12:8E:EE:F3:A8:CD:5C:4A + X.509 SHA256 85:C9:C3:07:D6:BB:4E:A2:66:DF:DA:3B:B8:A4:D6:B3:71:B0:48:05:DD:A6:87:83:3F:B5:3E:4F:CF:1E:30:5B + PKey SHA1 CE:37:86:CF:C8:CC:54:FA:46:93:A3:87:41:98:48:38:57:14:57:55 + PKey SHA256 51:26:BF:58:89:19:90:C1:CD:0B:15:88:22:99:94:66:00:15:D1:37:DA:46:AA:F6:E9:76:27:F9:D2:5A:EF:B4 + mx2.fripost.org:25 (2nd Mail eXchange) - SHA1 67:67:D2:A6:0A:E5:8F:83:A9:85:26:01:71:80:24:C6:0B:DA:30:4F - SHA256 B1:F4:82:E9:6E:B7:B0:0A:4A:FE:BD:92:6C:8D:EE:F6:6E:8C:1B:33:D3:7A:4B:6E:FB:37:D9:21:62:99:C2:73 + X.509 SHA1 67:67:D2:A6:0A:E5:8F:83:A9:85:26:01:71:80:24:C6:0B:DA:30:4F + X.509 SHA256 B1:F4:82:E9:6E:B7:B0:0A:4A:FE:BD:92:6C:8D:EE:F6:6E:8C:1B:33:D3:7A:4B:6E:FB:37:D9:21:62:99:C2:73 + PKey SHA1 8B:FA:A2:46:4A:83:2E:B4:3F:D0:F8:95:C9:7F:1A:DD:E9:58:30:53 + PKey SHA256 8A:58:76:E6:AD:55:4A:44:FB:E8:03:F2:56:1E:98:04:23:32:EA:BD:83:20:AC:D9:6D:3C:74:69:F4:9F:02:A0 * Web servers - fripost.org:443 (website), mail.fripost.org:443 (webmail), wiki.fripost.org:443 (wiki) + fripost.org:443 (website), wiki.fripost.org:443 (wiki) - SHA1 E1:82:59:FD:7F:9A:11:EF:DC:1B:46:3B:AB:9F:F6:BB:A0:E4:D4:59 - SHA256 7D:F2:7C:67:90:91:EB:5E:1E:25:D0:7B:A4:A5:72:9F:EA:20:EC:F0:74:1C:25:66:1D:72:56:A3:3B:53:D9:9A + X.509 SHA1 E1:82:59:FD:7F:9A:11:EF:DC:1B:46:3B:AB:9F:F6:BB:A0:E4:D4:59 + X.509 SHA256 7D:F2:7C:67:90:91:EB:5E:1E:25:D0:7B:A4:A5:72:9F:EA:20:EC:F0:74:1C:25:66:1D:72:56:A3:3B:53:D9:9A + PKey SHA1 5B:D6:82:A7:D2:CB:67:54:54:CD:69:42:AA:E5:89:14:68:87:11:47 + PKey SHA256 CC:F1:F4:6C:54:29:04:05:5A:96:7E:20:8F:87:53:45:BE:CB:72:8E:40:E0:53:40:32:C0:B2:DC:E0:14:FD:BD - lists.fripost.org:443 (list manager) - 
- SHA1 9B:EA:15:0C:B3:17:EC:CB:E5:38:DA:93:5C:1D:52:98:13:E4:8A:BC - SHA256 04:86:AF:AB:68:35:D2:48:0C:F3:55:54:98:5D:2A:48:69:D7:C5:B2:CC:1C:F7:6F:F8:54:25:CF:E5:91:88:21 - git.fripost.org:443 (git server), gitweb.fripost.org:443 (gitweb interface) + mail.fripost.org:443 (webmail) - SHA1 70:14:8A:A0:29:8E:53:65:8E:23:CF:BA:45:F1:0F:CB:68:81:AC:B6 - SHA256 84:2A:13:7A:B2:20:25:D6:38:8C:EE:8B:BC:A2:60:C5:AC:CD:8A:6B:67:17:B4:78:7F:97:3F:DE:7B:7D:83:B2 - - * SSH server + X.509 SHA1 E1:82:59:FD:7F:9A:11:EF:DC:1B:46:3B:AB:9F:F6:BB:A0:E4:D4:59 + X.509 SHA256 7D:F2:7C:67:90:91:EB:5E:1E:25:D0:7B:A4:A5:72:9F:EA:20:EC:F0:74:1C:25:66:1D:72:56:A3:3B:53:D9:9A + PKey SHA1 5B:D6:82:A7:D2:CB:67:54:54:CD:69:42:AA:E5:89:14:68:87:11:47 + PKey SHA256 CC:F1:F4:6C:54:29:04:05:5A:96:7E:20:8F:87:53:45:BE:CB:72:8E:40:E0:53:40:32:C0:B2:DC:E0:14:FD:BD - gitolite@git.fripost.org - RSA MD5:0b:e5:47:44:71:cb:41:7d:1e:1b:25:bc:28:e8:c3:a2 - RSA SHA256:zNZXfa/okPm/tV9dl3gNlizfXAghrMSgrcwICiWx+80 - - -To get the whole certificate for imap.fripost.org:993, type the following -command in a shell: + lists.fripost.org:443 (list manager) - openssl s_client -connect imap.fripost.org:993 </dev/null + X.509 SHA1 9B:EA:15:0C:B3:17:EC:CB:E5:38:DA:93:5C:1D:52:98:13:E4:8A:BC + X.509 SHA256 04:86:AF:AB:68:35:D2:48:0C:F3:55:54:98:5D:2A:48:69:D7:C5:B2:CC:1C:F7:6F:F8:54:25:CF:E5:91:88:21 + PKey SHA1 50:D8:27:64:38:DF:33:D4:C0:08:02:F3:B9:B2:D6:7C:01:44:B4:32 + PKey SHA256 4E:BC:33:F9:8E:79:F8:4C:D7:AE:FA:CD:EB:BD:05:3F:96:7C:83:88:CA:AC:B5:B1:2C:E4:88:12:B2:A6:8D:18 -(For protocols using the STARTTLS directive such as SMTP, you'll have to call -s_client with '-starttls smtp'. Another useful option is '-showcerts', which -prints the whole server certificate chain.) -You'll find the X.509 certificate wrapped between + git.fripost.org:443 (git server and its web interface) - -----BEGIN CERTIFICATE----- - [...] 
- -----END CERTIFICATE----- + X.509 SHA1 70:14:8A:A0:29:8E:53:65:8E:23:CF:BA:45:F1:0F:CB:68:81:AC:B6 + X.509 SHA256 84:2A:13:7A:B2:20:25:D6:38:8C:EE:8B:BC:A2:60:C5:AC:CD:8A:6B:67:17:B4:78:7F:97:3F:DE:7B:7D:83:B2 + PKey SHA1 69:92:D4:A3:EF:57:3A:52:38:E5:9B:E1:91:0F:2D:62:FA:8B:E3:6A + PKey SHA256 4A:48:DB:F7:68:FA:C8:97:A2:8E:AA:60:F3:00:75:E2:CF:85:A2:3B:CD:DB:66:81:F8:16:46:87:41:7F:CE:E2 -If you store it (including the delimiters) into /path/to/certificate.pem, -you can then ensure that its fingerprints match the ones above: + * SSH server - openssl x509 -in /path/to/certificate.pem -noout -fingerprint -sha1 - openssl x509 -in /path/to/certificate.pem -noout -fingerprint -sha256 + gitolite@git.fripost.org:22 -Alternatively, using a pipe: + RSA MD5:0b:e5:47:44:71:cb:41:7d:1e:1b:25:bc:28:e8:c3:a2 + RSA SHA256:zNZXfa/okPm/tV9dl3gNlizfXAghrMSgrcwICiWx+80 - openssl s_client -connect imap.fripost.org:993 </dev/null \ - | openssl x509 -noout -fingerprint -sha256 -Also refer to the [[signed version of this page|certs.asc]] +If your SSL/TLS-capable client is able to validate the public key +fingerprint of the remote peer certificate, then you should probably use +this (the above values prefixed with "PKey") instead of the fingerprint +of the certificate instead (the above values prefixed with "X.509"), +since the former typically doesn't change upon certificate renewal. |
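Review bot: In the website/certs.asc hunk, the added paragraph identifies the source of the list only by the abbreviated commit ID "03bc468", while the certs.mdwn hunk links the full ID 03bc468e0dab47c9720d3ffa78ab3880d11870b5. Since certs.asc is the PGP-signed copy, the full ID belongs in the signed text so that the signature covers an unambiguous reference to the tree the fingerprints were generated from. The sentence around it also does not parse as written ("... /certs/public , Git repository from which this fingerprint list was generated"); something like "which is the Git repository from which ..." would read correctly. In the new closing paragraph, "instead of the fingerprint of the certificate instead" has a duplicated "instead"; drop the second one here and in certs.mdwn, and re-sign certs.asc after the text changes.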
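Review bot: In the website/certs.mdwn hunk, the new closing paragraph tells readers to prefer the "PKey" values, but the hunk deletes the whole openssl walkthrough ("openssl s_client -connect imap.fripost.org:993 </dev/null" piped into "openssl x509 -noout -fingerprint -sha256") and nothing added says what a "PKey" fingerprint is computed over or how a reader can reproduce one. Suggest keeping a short verification recipe for the X.509 values and adding one sentence stating which encoding of the public key is hashed, rather than leaving that to gencerts.sh. The unchanged intro at the top of the hunk still describes the page as a list of "SHA-1 and SHA-256 fingerprints of all X.509 certificates", which no longer covers the added PKey lines and should be updated in the same change. Finally, mail.fripost.org:443 is split into its own entry carrying the same four values as fripost.org:443; a short remark that the two currently share a certificate would keep it from looking like a copy-paste error.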