[gtld-tech] TMCH: HIGHLY Insecure SSL config / certificates.
Klaus Malorny
Klaus.Malorny at knipp.de
Fri Jun 26 08:27:20 UTC 2015
On 26.06.2015 10:13, Alexander Mayrhofer wrote:
> All,
>
> it seems like the TMCH has rolled out a new certificate on the various
> marksdb.org interfaces. Besides the fact that the certificate now uses an
> intermediate cert that was not delivered with the chain (and hence made our
> TLS connect fail initially)[...}
>
> Thanks, Alex
>
>
Hi all,
we noticed the missing intermediate certificate on the test and production
systems yesterday evening (and informed IBM about that). From our perspective,
it is not the right way that the clients (i.e. the registries) include the
intermediate certificate into their trust stores, but that the server delivers
it with its own certificate, as the former would defeat the idea behind the
chain of trust.
Regards,
Klaus
--
___________________________________________________________________________
| |
| knipp | Knipp Medien und Kommunikation GmbH
------- Technologiepark
Martin-Schmeißer-Weg 9
44227 Dortmund
Geschäftsführer: Registereintrag:
Dietmar Knipp, Elmar Knipp Amtsgericht Dortmund, HRB 13728
Kontaktdaten/contact data via http://klaus.tel
More information about the gtld-tech
mailing list