[gtld-tech] TMCH: HIGHLY Insecure SSL config / certificates.

Klaus Malorny Klaus.Malorny at knipp.de
Fri Jun 26 08:27:20 UTC 2015

On 26.06.2015 10:13, Alexander Mayrhofer wrote:
> All,
> it seems like the TMCH has rolled out a new certificate on the various
> marksdb.org interfaces. Besides the fact that the certificate now uses an
> intermediate cert that was not delivered with the chain (and hence made our
> TLS connect fail initially)[...]
> Thanks, Alex

Hi all,

We noticed the missing intermediate certificate on the test and production
systems yesterday evening (and informed IBM about that). From our perspective,
it is not the right way that the clients (i.e. the registries) include the
intermediate certificate in their trust stores, but that the server delivers
it with its own certificate, as the former would defeat the idea behind the
chain of trust.



      |       |
      | knipp |               Knipp  Medien und Kommunikation GmbH
       -------                       Technologiepark
                                     Martin-Schmeißer-Weg 9
                                     44227 Dortmund

      Managing directors:            Register entry:
      Dietmar Knipp, Elmar Knipp     Amtsgericht Dortmund, HRB 13728

      Contact data via               http://klaus.tel
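
The behaviour discussed in this message, as an added example that is not part of the original post: a client that trusts only the root rejects a leaf whose intermediate is not delivered, and accepts it once the server sends the intermediate as an untrusted chain certificate. It assumes the `openssl` command-line tool is installed; the CA names, the host name and the file names are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Constructed three-level PKI (root -> intermediate -> leaf); all names are made up.
make_pki() {  # $1 = empty working directory
    local d=$1
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed root: the only certificate the client is meant to trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/pki.cnf" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    # Intermediate CA, signed by the root.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
        -subj "/CN=Example Intermediate CA" \
        -keyout "$d/inter.key" -out "$d/inter.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 1 -days 2 -extfile "$d/pki.cnf" -extensions v3_ca \
        -out "$d/inter.pem" 2>/dev/null || return 1
    # Server (leaf) certificate, signed by the intermediate.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
        -subj "/CN=server.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -set_serial 2 -days 2 -out "$d/leaf.pem" 2>/dev/null || return 1
}

# verify_chain ROOT LEAF [SERVER_SENT_CERTS]
# ROOT is the client's trust store. The optional third file stands for the
# certificates the server delivers; openssl uses them to build the path only,
# never as trust anchors.
verify_chain() {
    openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
}

demo() {
    local d; d=$(mktemp -d) || return 1
    make_pki "$d" || return 1
    verify_chain "$d/root.pem" "$d/leaf.pem" \
        && echo "leaf alone: verified" || echo "leaf alone: rejected"
    verify_chain "$d/root.pem" "$d/leaf.pem" "$d/inter.pem" \
        && echo "leaf + intermediate: verified" || echo "leaf + intermediate: rejected"
    rm -rf "$d"
}
demo
```

In both runs the client's trust store holds only the root, so the intermediate is accepted solely because its signature chains up to that root.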
