[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: old https security debian org does not redirect to new page, invalid ssl cert instead

On 31/03/2019 00:48, Cyril Brulebois wrote:
> Hi,
>
> dragon@peerfreedom.org <dragon@peerfreedom.org> (2019-03-30):
>> Previously the web page for debian security was located on:
>>
>> security.debian.org
>>
>> Going there now through http, will redirect to the new address
>> www.debian.org/security/
>>
>> But going there through https, will instead return SSL errror, cert by
>> unknown CA "Debian SMTP CA" which seems to have "CA key identifier" "00
>> f6 08 13 4a 49 f7 da d3",
>> entire cert sha256 fingerprint is
>> "DF:68:20:DA:43:5A:7C:1A:9C:43:8B:56:56:24:92:A5:E6:EC:F6:B1:92:8F:D1:4C:9F:5D:93:C7:7D:13:26:1B"
> Not all things served over http:// are supposed to be reachable over
> https:// so that might be just considered as not-a-bug.
>
>
> Cheers,


I think it is a bug clearly - because that site was working before, and
AFAIR was recommended by some pages and/or tutorials.
Anyway people have it in bookmarks.
Google indexed it too -
https://www.google.com/search?q=+"https%3A%2F%2Fsecurity.debian.org";

Imo just reject port 443 on that server, or make the redirection work again.

Current situation looks suspicious that you go to security web page and
see invalid SSL cert.
Reply to: