Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
ffk
on May 9, 2015
|
parent
|
context
|
favorite
| on:
Stupid certificate tricks
rya.nc is also actively using the certificate he generated. :)
mellavora
on May 9, 2015
|
next
[–]
I like people with guts.
devcpp
on May 9, 2015
|
prev
[–]
Really? I'm getting serial number 0X043f60 (instead of 0x1599c5), validity starting on May 7 2015. Might that have to do with using Firefox or anything client-related? Or he switched it?
ryan-c
on May 9, 2015
|
parent
|
next
[–]
I updated the server certificate to one signed with RSA+SHA256 to make chrome happy, but the new one has the same thing done to it.
wolf550e
on May 10, 2015
|
root
|
parent
|
next
[–]
Is the private key from the blog post valid to impersonate your server?
mithras
on May 10, 2015
|
root
|
parent
|
next
[–]
Depends on whether he revoked it or not.
ryan-c
on May 10, 2015
|
root
|
parent
|
next
[–]
The private key in the article was generated specifically for the article as an example - there's no CA-signed certificate that used it.
Also, certificate revocation is
very
unreliable.
jcase
on May 10, 2015
|
parent
|
prev
[–]
Running the openssl s_client command from the article will show you live.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
