Die SHA1-Prüfsumme des neuen bis Ende März 2012 gültigen Zertifikates lautet:
Code: Alles auswählen
b1 b3 27 b3 1e cb d7 26 35 14 87 1f 69 08 48 09 a5 13 b1 40
Code: Alles auswählen
b1 b3 27 b3 1e cb d7 26 35 14 87 1f 69 08 48 09 a5 13 b1 40
A potentially compromised SSL certicitate has been detected
Access to the following URL may not be secure:
viewtopic.php?f=5&t=119430
A subordinate CA certificate has been signed using the MD5 algorithm.
It is recommended that you do not exchange sensitive data with this website.
aus: http://blog.cacert.org/2009/01/356.htmlCAcert has switched from MD5 to SHA-1 for certificate-issueing a few years ago, when the first research results were made public that indicated that such an attack will become feasible.
Code: Alles auswählen
openssl req -newkey rsa:2048 -nodes -keyout apache.key -out apache.csr
Also ist das gerade genauso wie es aussieht. Da andere Zertifizierungsstellen für ihre root Zertifikate sonst sha1 nutzen wirft das kein besonders gutes Licht auf cacert. Aber immerhin - sie arbeiten daran. Mitte des Sommers ist ja nur 2-3 Monate entfernt.There is a new root creation process being designed
...
The short of it is, new roots are going to be prepared, and SHA1 or perhaps SHA2 are going to be used for them. However, the process requires a great deal of careful planning beforehand, which is not completely done; hopefully the creation ceremony will be able to take place around the middle of the year or so, but we'll see.