[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Single SignOn CA certificate updated


the capability bits in the CA certificate used by the Single SignOn
were incorrect. This was ignored by openssl in jessie, and it's
starting to be noticed by openssl in stretch and above.

Thanks to the work of Luca Filipozzi, sso.debian.org has an updated CA
certificate with the right bits. Luca reused the private key material,
so all existing certificates remain valid.

If you are maintaining a service that authenticates developers, and you
are not using the CA key directly from /var/lib/dsa/sso, then please
update the CA certificate in your service with the new version at


GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>

Attachment: signature.asc
Description: PGP signature

Reply to: