Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
Fraudulent *.google.com certificate issued
Posted Aug 30, 2011 13:06 UTC (Tue) by lkundrak (subscriber, #43452)
Both Czech and Slovak tax offices (and supposedly more government sites) use CAs that are not bundled with any browser/OS (similarly called "First Certificating" in both countries). Moreover, if you attempt to verify the certificate via phone noone even knows what a fingerprint is. I probably don't want to know how much did the certificates cost.
Posted Aug 30, 2011 13:30 UTC (Tue) by cesarb (subscriber, #6266)
The trick I use is, whenever installing a new computer, go to https://www.mozilla.org/projects/security/certs/pending/, which has both the links to the correct root certificates for ICP-Brasil and their fingerprints (they are what Mozilla will add if/when the CA is accepted). Just click on each one, set the correct trust bits (also listed in that page - in ICP-Brasil's case, it is only "Websites"), compare the fingerprint, and done. Just remember to check you are using https for that page.
Posted Aug 30, 2011 16:36 UTC (Tue) by iabervon (subscriber, #722)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds