Menu
What's New
By:
Filters

Possible Certificate Alert

Bertha Bot

Bertha Bot

Entropia News Fetcher
Joined
Jul 26, 2006
Posts
3,312
Possible certificate alert for account.entropiauniverse.com
Due to an administrative mishap at our web certificate provider the website account.entropiauniverse.com may start displaying a certificate alert on 2015-04-16 when the current certificate expires.
We are working as fast as possible to get through the administrative processes that will enable the certificate again.
Your connection to https://account.entropiauniverse.com will continue to be secure even if your browser can not verify the authenticity of the server through the certificate provider.


Originally Posted Here
 
Good to know.
 
Today at MA HQ:

:proof:

:duh:

:trout:
 
may be time to abandon ssl 3 and sha-1 as well
 
My certificate provider sent me a mail telling me to update my sha-1 certificates or they'll stop working as most browsers will start rejecting them soon - allegedly.

According to Google’s blog on “Gradually Sunsetting SHA-1”, Chrome version 39 and later will display visual security indicators on sites with SHA-1 SSL certificates with validity beyond January 1, 2016. The production release of Chrome 39 is expected to be in November, 2014. The sites will be treated with one of the following indicators: “secure, but with minor errors” (lock with yellow triangle), “neutral, lacking security” (blank page icon) and “affirmative insecure” (lock with a red X). In order to prevent online users on Chrome version 39 and later from experiencing these indicators, SHA-1 SSL certificates expiring after December 31, 2015 must be replaced with SHA-256 (SHA-2) certificates.
Click to expand...

Microsoft’s SHA-1 deprecation plan differs in the activation time and browser behavior. Microsoft’s security advisory on “Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program” informed us that Windows will cease accepting SHA-1 SSL certificates on January 1, 2017. To continue to work with Microsoft platforms, all SHA-1 SSL certificates issued before or after this announcement must be replaced with a SHA-2 equivalent by January 1, 2017.
Click to expand...

So try opening the account website in chrome and you get the nice red line through the https as the certificate on it still uses sha-1.

Even then I've had to remove certain types of encryption for use by my servers.

I think I used this site https://www.digicert.com/help/ to work out what I needed to do on my servers.

I looked into my certs and I think I changed mine mid September 2014 when the warnings went out.
 
Last edited:
You must log in or register to reply here.
Back
Top