SSL Certificate

Site Certificate

Here is a text copy of the SSL certificate which belongs to this site:

-----BEGIN CERTIFICATE-----
MIID7zCCA1igAwIBAgIJAJUh5K+fZA6bMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD
VQQGEwJHQjEQMA4GA1UECBMHRW5nbGFuZDETMBEGA1UEBxMKTWFuY2hlc3RlcjEe
MBwGA1UEChMVRGViaWFuIEFkbWluaXN0cmF0aW9uMSYwJAYDVQQDEx13d3cuZGVi
aWFuLWFkbWluaXN0cmF0aW9uLm9yZzEuMCwGCSqGSIb3DQEJARYfc3RldmVAZGVi
aWFuLWFkbWluaXN0cmF0aW9uLm9yZzAeFw0xMjA4MjUxNDI0MzFaFw0yMjA4MjMx
NDI0MzFaMIGsMQswCQYDVQQGEwJHQjEQMA4GA1UECBMHRW5nbGFuZDETMBEGA1UE
BxMKTWFuY2hlc3RlcjEeMBwGA1UEChMVRGViaWFuIEFkbWluaXN0cmF0aW9uMSYw
JAYDVQQDEx13d3cuZGViaWFuLWFkbWluaXN0cmF0aW9uLm9yZzEuMCwGCSqGSIb3
DQEJARYfc3RldmVAZGViaWFuLWFkbWluaXN0cmF0aW9uLm9yZzCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEAxGrzFDA2zYP6boeCw5SIrZyko/kAK8yoDW0xiBjl
2PU92eoBBpbZLWlrvxz1r+vRvYKBiu/LPgJ8U7wwoWzjYXJ44v2gcexSlbJ7OEOd
eSTbL05i//d0m7+zMb6gRDwPDQRPREEEBPT6cd6TV3AtpeRZAotVvLc3VhVo89+E
LRECAwEAAaOCARUwggERMB0GA1UdDgQWBBRIEZaGUytoEhkSlrMaGcKQUuGUZjCB
4QYDVR0jBIHZMIHWgBRIEZaGUytoEhkSlrMaGcKQUuGUZqGBsqSBrzCBrDELMAkG
A1UEBhMCR0IxEDAOBgNVBAgTB0VuZ2xhbmQxEzARBgNVBAcTCk1hbmNoZXN0ZXIx
HjAcBgNVBAoTFURlYmlhbiBBZG1pbmlzdHJhdGlvbjEmMCQGA1UEAxMdd3d3LmRl
Ymlhbi1hZG1pbmlzdHJhdGlvbi5vcmcxLjAsBgkqhkiG9w0BCQEWH3N0ZXZlQGRl
Ymlhbi1hZG1pbmlzdHJhdGlvbi5vcmeCCQCVIeSvn2QOmzAMBgNVHRMEBTADAQH/
MA0GCSqGSIb3DQEBBQUAA4GBAJ0u6lv12oR54GsixjfQte2wQVW0/sqyne36eY3Q
0IeMa4/QCvOTcQCHHDKVUP0sLgoMkyPxOezhLosCmLthBDe1eVphwmPhOycSgcgn
IxtzeeiHe+Y0nzNiRzSavadxmt8t5yqIW8rGvMo0P1r2Wr8AKI9B0+gfvOTOgNsN
hKB6
-----END CERTIFICATE-----

This certificate was obtained by executing:

/usr/bin/openssl s_client -connect localhost:443

Certificate Signature

This certificate is signed by my GPG key, which you can find using your favourite keyserver (or in the debian-keyring package):

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN CERTIFICATE-----
MIID7zCCA1igAwIBAgIJAJUh5K+fZA6bMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD
VQQGEwJHQjEQMA4GA1UECBMHRW5nbGFuZDETMBEGA1UEBxMKTWFuY2hlc3RlcjEe
MBwGA1UEChMVRGViaWFuIEFkbWluaXN0cmF0aW9uMSYwJAYDVQQDEx13d3cuZGVi
aWFuLWFkbWluaXN0cmF0aW9uLm9yZzEuMCwGCSqGSIb3DQEJARYfc3RldmVAZGVi
aWFuLWFkbWluaXN0cmF0aW9uLm9yZzAeFw0xMjA4MjUxNDI0MzFaFw0yMjA4MjMx
NDI0MzFaMIGsMQswCQYDVQQGEwJHQjEQMA4GA1UECBMHRW5nbGFuZDETMBEGA1UE
BxMKTWFuY2hlc3RlcjEeMBwGA1UEChMVRGViaWFuIEFkbWluaXN0cmF0aW9uMSYw
JAYDVQQDEx13d3cuZGViaWFuLWFkbWluaXN0cmF0aW9uLm9yZzEuMCwGCSqGSIb3
DQEJARYfc3RldmVAZGViaWFuLWFkbWluaXN0cmF0aW9uLm9yZzCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEAxGrzFDA2zYP6boeCw5SIrZyko/kAK8yoDW0xiBjl
2PU92eoBBpbZLWlrvxz1r+vRvYKBiu/LPgJ8U7wwoWzjYXJ44v2gcexSlbJ7OEOd
eSTbL05i//d0m7+zMb6gRDwPDQRPREEEBPT6cd6TV3AtpeRZAotVvLc3VhVo89+E
LRECAwEAAaOCARUwggERMB0GA1UdDgQWBBRIEZaGUytoEhkSlrMaGcKQUuGUZjCB
4QYDVR0jBIHZMIHWgBRIEZaGUytoEhkSlrMaGcKQUuGUZqGBsqSBrzCBrDELMAkG
A1UEBhMCR0IxEDAOBgNVBAgTB0VuZ2xhbmQxEzARBgNVBAcTCk1hbmNoZXN0ZXIx
HjAcBgNVBAoTFURlYmlhbiBBZG1pbmlzdHJhdGlvbjEmMCQGA1UEAxMdd3d3LmRl
Ymlhbi1hZG1pbmlzdHJhdGlvbi5vcmcxLjAsBgkqhkiG9w0BCQEWH3N0ZXZlQGRl
Ymlhbi1hZG1pbmlzdHJhdGlvbi5vcmeCCQCVIeSvn2QOmzAMBgNVHRMEBTADAQH/
MA0GCSqGSIb3DQEBBQUAA4GBAJ0u6lv12oR54GsixjfQte2wQVW0/sqyne36eY3Q
0IeMa4/QCvOTcQCHHDKVUP0sLgoMkyPxOezhLosCmLthBDe1eVphwmPhOycSgcgn
IxtzeeiHe+Y0nzNiRzSavadxmt8t5yqIW8rGvMo0P1r2Wr8AKI9B0+gfvOTOgNsN
hKB6
- -----END CERTIFICATE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlA44JsACgkQwM/Gs81MDZ3lPQCfd95qPwCbNDs4vB7kiS7zpBd4
njIAoNwHVIvbtIdi3vRIi7VZgUqOcQuK
=e+DH
-----END PGP SIGNATURE-----

Verifying the certificate

You can verify the validity of this certificate-signature by running the following commands:

 wget -q -O- 'http://www.debian-administration.org/about/SSL%20Certificate' | \
   gpg --decrypt | \
   openssl x509 -fingerprint -subject -out d-a.org.crt

This should give you output which looks something like this:

SHA1 Fingerprint=77:81:BF:F8:69:55:61:3F:5B:44:15:F9:B9:71:45:55:A8:00:F6:CB
subject= /C=GB/ST=Scotland/L=Edinburgh/O=Debian Administration/CN=www.debian-administration.org/emailAddress=webmaster@debian-administration.org
gpg: Signature made Mon 07 May 2012 06:48:01 BST using DSA key ID CD4C0D9D
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: Good signature from "Steve Kemp [steve@steve.org.uk]"
gpg:                 aka "Steve Kemp [skx@debian.org]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: DB1F F3FB 1D08 FC01 ED22  2243 C0CF C6B3 CD4C 0D9D

If you receive errors please do let me know

Mandatory Secure Logins

If you wish to ensure that you always receive a secure connection, a secure login, and that people cannot sniff your traffic in transite you can visit the advanced login page to setup your options.