website/certs.mdwn


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

# Certificates at Fripost

The following is an up-to date list of SHA-1 and SHA-256 fingerprints of all
X.509 certificates Fripost uses on its publicly available services.  Please
consider any mismatch as a man-in-the-middle attack, and let us know
immediately!  (See also the [[signed version of this page|certs.asc]].)
-- [[admin@fripost.org|mailto:admin@fripost.org]]


All our X.509 certificates are available in PEM format under our
[[Git repository|https://git.fripost.org/fripost-ansible/tree/certs/public]],
from which this fingerprint list was [[generated|https://git.fripost.org/fripost-ansible/tree/certs/gencerts.sh]], at
[[Commit ID 03bc468 from Wed, 2 Dec 2015 23:14:30 +0100|https://git.fripost.org/fripost-ansible/tree/certs/public?id=03bc468e0dab47c9720d3ffa78ab3880d11870b5]].


 * IMAP server

    imap.fripost.org:993 (IMAP over SSL), sieve.fripost.org:4190 (ManageSieve, STARTTLS)

        X.509 SHA1   D0:05:4C:E8:72:BE:24:5A:03:5B:7E:FC:40:B6:5A:AD:3F:38:8A:7C
        X.509 SHA256 38:7C:C5:36:C1:D1:87:7B:63:3D:EE:76:11:3D:D9:E7:2E:BE:54:13:F3:15:FE:3B:58:3D:0A:2F:6B:6F:58:04
        PKey  SHA1   79:EE:C2:1B:9B:5A:67:D8:1F:DF:D2:F5:2A:A3:68:EB:02:FF:5A:F2
        PKey  SHA256 60:DB:17:31:FC:F1:F8:60:DE:7E:84:C1:A2:C4:8C:B9:CD:ED:00:47:50:B2:1F:BF:67:61:6B:13:E8:AD:7D:E5

 * SMTP servers (STARTTLS)

    smtp.fripost.org:587 (Mail Submission Agent)

        X.509 SHA1   31:86:3C:FF:9B:DB:28:48:21:F4:68:3D:43:43:98:94:35:74:93:20
        X.509 SHA256 3E:56:98:15:A2:5A:DA:FA:62:80:6F:08:E0:8E:20:C7:89:E0:E6:9C:5B:25:10:2D:52:80:E8:DB:AC:0A:1B:81
        PKey  SHA1   A7:DB:17:4B:55:94:7B:8F:BB:90:5F:BC:48:CC:99:FD:29:73:C7:D8
        PKey  SHA256 A2:72:6E:C6:51:4D:66:70:AA:F4:90:08:C1:7A:3F:28:F9:2E:E9:81:E5:30:D1:0E:19:D6:84:7C:EA:A3:C9:05


    mx1.fripost.org:25 (1st Mail eXchange)

        X.509 SHA1   80:09:E6:ED:2A:F4:0A:45:D2:EE:16:72:29:70:27:C5:3B:DC:0B:75
        X.509 SHA256 9E:FD:43:FD:0E:7A:91:B6:F5:10:EF:CA:25:F7:1B:73:1A:83:40:92:F6:04:DC:E7:48:8A:21:EC:93:35:6B:46
        PKey  SHA1   DF:D7:33:FB:96:EC:39:58:4E:31:05:35:E0:DF:EA:59:27:90:D4:0D
        PKey  SHA256 63:C2:A1:DC:E0:BC:20:A6:CD:E1:6E:AE:1C:EC:71:CF:42:27:0D:1E:46:0F:03:9D:C2:FD:EA:1E:27:48:70:BA


    mx2.fripost.org:25 (2nd Mail eXchange)

        X.509 SHA1   66:F4:09:87:8E:F1:FA:A6:5B:E0:91:B3:17:A5:77:95:B0:58:A8:35
        X.509 SHA256 AF:97:80:7A:6F:29:AF:59:53:13:7F:11:C3:04:17:9F:70:F0:6A:28:E5:A4:C9:E3:23:EC:94:72:0E:65:1F:0A
        PKey  SHA1   A0:85:B9:51:9F:F1:71:3C:F6:61:C1:6A:7E:DC:F4:91:8A:64:32:11
        PKey  SHA256 93:07:B7:87:81:24:E4:E7:9F:98:71:EE:88:CB:9D:4A:82:EA:9E:7C:27:06:5A:21:A8:1D:90:25:67:A8:D2:7A

 * Web servers

    fripost.org:443 (website), wiki.fripost.org:443 (wiki)

        X.509 SHA1   5A:A1:E3:12:A0:24:E9:06:D3:85:08:7B:32:F6:CB:D3:2F:9B:EC:16
        X.509 SHA256 D1:9D:94:B7:4A:B7:FE:F8:E0:75:17:04:2D:86:6A:91:58:61:6C:AD:65:C4:02:A9:C1:B1:30:33:C5:D5:57:58
        PKey  SHA1   B8:CB:E1:30:7E:BA:03:C3:DB:BE:BF:65:FD:80:68:F8:D3:E0:1C:7D
        PKey  SHA256 7D:0F:A0:6A:EE:F6:8B:03:9F:EA:B9:97:BD:8E:FF:41:E9:81:FA:46:21:8B:13:C2:63:F0:3F:10:8A:F7:6A:DB


    mail.fripost.org:443 (webmail)

        X.509 SHA1   29:57:E5:E3:88:31:FC:0F:E5:77:0F:38:D4:45:F3:1B:AA:E6:D4:E0
        X.509 SHA256 45:BD:5D:DB:FF:7F:D0:45:E3:48:BA:A7:48:32:13:21:0A:EA:A1:93:A2:0B:C1:FE:4A:5B:24:6E:8A:DF:C4:1D
        PKey  SHA1   4F:E7:42:40:98:35:51:CF:93:65:EF:F2:D1:7C:3C:46:60:64:2C:30
        PKey  SHA256 48:77:E7:88:C1:1A:A7:17:98:A3:96:13:FF:68:CF:FA:7F:96:B2:D3:5A:62:08:43:32:16:54:69:D2:E5:3C:39


    lists.fripost.org:443 (list manager)

        X.509 SHA1   C8:A6:A2:C9:9D:54:82:13:5F:DE:4C:29:D6:89:46:A0:24:9A:0B:44
        X.509 SHA256 66:6A:50:D1:1E:39:AC:22:21:FD:6D:E5:B7:60:EE:21:9E:AA:FF:E2:DC:91:91:01:5C:E6:E6:05:A6:44:6C:83
        PKey  SHA1   E9:45:89:19:95:44:B1:C7:61:C1:75:4B:A1:3F:8C:38:D4:10:A5:33
        PKey  SHA256 38:BC:75:84:E1:2A:9C:27:52:FF:B6:60:CD:3C:C0:97:C2:20:FC:2C:29:CF:93:18:F4:9F:45:8A:C8:60:EB:FD


    git.fripost.org:443 (git server and its web interface)

        X.509 SHA1   BF:69:8F:8D:57:09:5C:F1:CA:3D:45:33:7C:5B:75:65:F3:0B:94:EA
        X.509 SHA256 AB:7F:65:FC:9E:F5:B8:0E:15:3C:C7:DB:74:D2:24:D4:6E:47:A7:E9:43:57:D8:4B:A4:CC:8F:1F:42:DE:46:CD
        PKey  SHA1   02:D7:7C:F0:16:F4:55:0D:C3:6B:A1:C4:B6:95:1B:65:26:64:C8:28
        PKey  SHA256 1C:EA:22:5E:00:BB:B6:89:73:67:7D:5B:EB:95:33:6C:02:A1:A4:20:80:EC:8D:22:35:D3:BB:34:4B:8B:D2:55

 * SSH server

    gitolite@git.fripost.org:22

        RSA    MD5:0b:e5:47:44:71:cb:41:7d:1e:1b:25:bc:28:e8:c3:a2
        RSA SHA256:zNZXfa/okPm/tV9dl3gNlizfXAghrMSgrcwICiWx+80


If your SSL/TLS-capable client is able to validate the public key
fingerprint of the remote peer certificate, then you should probably use
this (the above values prefixed with "PKey") instead of the fingerprint
of the certificate instead (the above values prefixed with "X.509"),
since the former typically doesn't change upon certificate renewal.