SSL Certificate
Site Certificate
Here is a text copy of the SSL certificate which belongs to this site:
-----BEGIN CERTIFICATE----- MIID7zCCA1igAwIBAgIJAJUh5K+fZA6bMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD VQQGEwJHQjEQMA4GA1UECBMHRW5nbGFuZDETMBEGA1UEBxMKTWFuY2hlc3RlcjEe MBwGA1UEChMVRGViaWFuIEFkbWluaXN0cmF0aW9uMSYwJAYDVQQDEx13d3cuZGVi aWFuLWFkbWluaXN0cmF0aW9uLm9yZzEuMCwGCSqGSIb3DQEJARYfc3RldmVAZGVi aWFuLWFkbWluaXN0cmF0aW9uLm9yZzAeFw0xMjA4MjUxNDI0MzFaFw0yMjA4MjMx NDI0MzFaMIGsMQswCQYDVQQGEwJHQjEQMA4GA1UECBMHRW5nbGFuZDETMBEGA1UE BxMKTWFuY2hlc3RlcjEeMBwGA1UEChMVRGViaWFuIEFkbWluaXN0cmF0aW9uMSYw JAYDVQQDEx13d3cuZGViaWFuLWFkbWluaXN0cmF0aW9uLm9yZzEuMCwGCSqGSIb3 DQEJARYfc3RldmVAZGViaWFuLWFkbWluaXN0cmF0aW9uLm9yZzCBnzANBgkqhkiG 9w0BAQEFAAOBjQAwgYkCgYEAxGrzFDA2zYP6boeCw5SIrZyko/kAK8yoDW0xiBjl 2PU92eoBBpbZLWlrvxz1r+vRvYKBiu/LPgJ8U7wwoWzjYXJ44v2gcexSlbJ7OEOd eSTbL05i//d0m7+zMb6gRDwPDQRPREEEBPT6cd6TV3AtpeRZAotVvLc3VhVo89+E LRECAwEAAaOCARUwggERMB0GA1UdDgQWBBRIEZaGUytoEhkSlrMaGcKQUuGUZjCB 4QYDVR0jBIHZMIHWgBRIEZaGUytoEhkSlrMaGcKQUuGUZqGBsqSBrzCBrDELMAkG A1UEBhMCR0IxEDAOBgNVBAgTB0VuZ2xhbmQxEzARBgNVBAcTCk1hbmNoZXN0ZXIx HjAcBgNVBAoTFURlYmlhbiBBZG1pbmlzdHJhdGlvbjEmMCQGA1UEAxMdd3d3LmRl Ymlhbi1hZG1pbmlzdHJhdGlvbi5vcmcxLjAsBgkqhkiG9w0BCQEWH3N0ZXZlQGRl Ymlhbi1hZG1pbmlzdHJhdGlvbi5vcmeCCQCVIeSvn2QOmzAMBgNVHRMEBTADAQH/ MA0GCSqGSIb3DQEBBQUAA4GBAJ0u6lv12oR54GsixjfQte2wQVW0/sqyne36eY3Q 0IeMa4/QCvOTcQCHHDKVUP0sLgoMkyPxOezhLosCmLthBDe1eVphwmPhOycSgcgn IxtzeeiHe+Y0nzNiRzSavadxmt8t5yqIW8rGvMo0P1r2Wr8AKI9B0+gfvOTOgNsN hKB6 -----END CERTIFICATE-----
This certificate was obtained by executing:
/usr/bin/openssl s_client -connect localhost:443
Certificate Signature
This certificate is signed by my GPG key, which you can find using your favourite keyserver (or in the debian-keyring package):
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -----BEGIN CERTIFICATE----- MIID7zCCA1igAwIBAgIJAJUh5K+fZA6bMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD VQQGEwJHQjEQMA4GA1UECBMHRW5nbGFuZDETMBEGA1UEBxMKTWFuY2hlc3RlcjEe MBwGA1UEChMVRGViaWFuIEFkbWluaXN0cmF0aW9uMSYwJAYDVQQDEx13d3cuZGVi aWFuLWFkbWluaXN0cmF0aW9uLm9yZzEuMCwGCSqGSIb3DQEJARYfc3RldmVAZGVi aWFuLWFkbWluaXN0cmF0aW9uLm9yZzAeFw0xMjA4MjUxNDI0MzFaFw0yMjA4MjMx NDI0MzFaMIGsMQswCQYDVQQGEwJHQjEQMA4GA1UECBMHRW5nbGFuZDETMBEGA1UE BxMKTWFuY2hlc3RlcjEeMBwGA1UEChMVRGViaWFuIEFkbWluaXN0cmF0aW9uMSYw JAYDVQQDEx13d3cuZGViaWFuLWFkbWluaXN0cmF0aW9uLm9yZzEuMCwGCSqGSIb3 DQEJARYfc3RldmVAZGViaWFuLWFkbWluaXN0cmF0aW9uLm9yZzCBnzANBgkqhkiG 9w0BAQEFAAOBjQAwgYkCgYEAxGrzFDA2zYP6boeCw5SIrZyko/kAK8yoDW0xiBjl 2PU92eoBBpbZLWlrvxz1r+vRvYKBiu/LPgJ8U7wwoWzjYXJ44v2gcexSlbJ7OEOd eSTbL05i//d0m7+zMb6gRDwPDQRPREEEBPT6cd6TV3AtpeRZAotVvLc3VhVo89+E LRECAwEAAaOCARUwggERMB0GA1UdDgQWBBRIEZaGUytoEhkSlrMaGcKQUuGUZjCB 4QYDVR0jBIHZMIHWgBRIEZaGUytoEhkSlrMaGcKQUuGUZqGBsqSBrzCBrDELMAkG A1UEBhMCR0IxEDAOBgNVBAgTB0VuZ2xhbmQxEzARBgNVBAcTCk1hbmNoZXN0ZXIx HjAcBgNVBAoTFURlYmlhbiBBZG1pbmlzdHJhdGlvbjEmMCQGA1UEAxMdd3d3LmRl Ymlhbi1hZG1pbmlzdHJhdGlvbi5vcmcxLjAsBgkqhkiG9w0BCQEWH3N0ZXZlQGRl Ymlhbi1hZG1pbmlzdHJhdGlvbi5vcmeCCQCVIeSvn2QOmzAMBgNVHRMEBTADAQH/ MA0GCSqGSIb3DQEBBQUAA4GBAJ0u6lv12oR54GsixjfQte2wQVW0/sqyne36eY3Q 0IeMa4/QCvOTcQCHHDKVUP0sLgoMkyPxOezhLosCmLthBDe1eVphwmPhOycSgcgn IxtzeeiHe+Y0nzNiRzSavadxmt8t5yqIW8rGvMo0P1r2Wr8AKI9B0+gfvOTOgNsN hKB6 - -----END CERTIFICATE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAlA44JsACgkQwM/Gs81MDZ3lPQCfd95qPwCbNDs4vB7kiS7zpBd4 njIAoNwHVIvbtIdi3vRIi7VZgUqOcQuK =e+DH -----END PGP SIGNATURE-----
Verifying the certificate
You can verify the validity of this certificate-signature by running the following commands:
wget -q -O- 'http://www.debian-administration.org/about/SSL%20Certificate' | \ gpg --decrypt | \ openssl x509 -fingerprint -subject -out d-a.org.crt
This should give you output which looks something like this:
SHA1 Fingerprint=77:81:BF:F8:69:55:61:3F:5B:44:15:F9:B9:71:45:55:A8:00:F6:CB subject= /C=GB/ST=Scotland/L=Edinburgh/O=Debian Administration/CN=www.debian-administration.org/emailAddress=webmaster@debian-administration.org gpg: Signature made Mon 07 May 2012 06:48:01 BST using DSA key ID CD4C0D9D gpg: checking the trustdb gpg: no ultimately trusted keys found gpg: Good signature from "Steve Kemp [steve@steve.org.uk]" gpg: aka "Steve Kemp [skx@debian.org]" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: DB1F F3FB 1D08 FC01 ED22 2243 C0CF C6B3 CD4C 0D9D
If you receive errors please do let me know
Mandatory Secure Logins
If you wish to ensure that you always receive a secure connection, a secure login, and that people cannot sniff your traffic in transite you can visit the advanced login page to setup your options.