[Juser] those pesky security warnings

Peter Saint-Andre stpeter at stpeter.im
Wed Mar 6 03:43:50 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

tl;dr You shouldn't see those pesky security warnings anymore.

In December of last year, I installed a new security certificate at
jabber.org. When obtaining the certificate from StartSSL, I asked for
a SHA-256 fingerprint, rather than a SHA-1 fingerprint. Theoretically,
SHA-256 is more secure, but not if your software doesn't understand
SHA-256 -- in that case, your client will show you a security warning
(and your server might refuse to connect to jabber.org). It took me a
while (I had to upgrade my status at StartSSL to Class 2, and that
verification process requires both money and time), but this evening I
finally installed a corrected certificate using a SHA-1 fingerprint.
As a result, if you've been seeing security warnings for the last 10
weeks or so, you shouldn't see them the next time you log in.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRNrt1AAoJEOoGpJErxa2p8jIP/igm/5tsrluIFTd6XVGufgSH
n2YZ6zSScefIWl/fYAAbg88uonuJTkmJ/2l+bJHH1BhaskMddmUP7U9DOSiBkBbI
qazISrYTCgwEanYiY/P+kkRmcq/e8tgnv1M70c+AiwL6OfKHC6IN4MfMjGYRh7UZ
JEgJLpEJcpp8/ojb1jqUcTvylap45cZMDU52w4cQctKRMK8J6pA+bpmKB9pIcRcx
ON/joDxpzJNbZQ35nuwccgBVKT+ctgy7Y8/h1uVUkZ/uLbqeIhy0KpmoMuuZYTvR
dlHFl7gv2LUxg3C3bScJQjz/BQlvZxtzOOCLpv29M/xfBtdxR1Oj3qq0TzqB8sal
2pVsGoWyJCbjinlx9OTxcQXwAUpTnC7EKf7tONPp4cK56Fnsl99Cr6X6IcO8JaHn
BQDum0ZoQGleR+pY4Q6z9+CbnEU1DtkovLYJQveB5j/5EzcQsyTQ5+qRpd9B3LQi
iBtMYNYN4Gh1Im8E6/G8TPq6vkgYOr28g77s5lSvu+WGEG/2T2tjzlEYCxExk4E2
QpUj68SN8UoO0c6IB+1yz3VxGNiw/8Wdn73H+/WTvO77qa0oy/UoAFQ0mZCWfZcw
0Qmpq4DgFAU8z8rfTaedFKBSUG19O9h4Y0WAxtM+5ysXlVBIlEgcArvDxwtJm9I6
E1+vW6rmrrJroqPu3MzG
=napx
-----END PGP SIGNATURE-----


More information about the JUser mailing list