Updating SSL keys on fedoraproject.org 2011-03-10
Petr Pisar
ppisar at redhat.com
Thu Mar 10 08:07:15 UTC 2011
On 2011-03-10, Stephen Smoogen <smooge at gmail.com> wrote:
>
> We have already updated fedorahosted.org and will now be updating the
> cert for the main site: fedoraproject.org.
>
> The old certificate came from Equifax, was a 1024 bit key and had the
> fingerprint:
[...]
> The new certificate is issued by GeoTrust, Inc and is a 4096 bit key
> with the fingerprint:
>
Key length is not everything. Didn't you forget to upgrade hash
algorithm? Sticking on SHA-1 that's been abandoned by ETSI and other
authorities does not look most safely.
-- Petr
More information about the devel
mailing list