Certificate Warnings for IETF Websites

Glen <glen@amsl.com> Sun, 30 August 2009 23:42 UTC

Return-Path: <glen@amsl.com>
X-Original-To: ietf-announce@core3.amsl.com
Delivered-To: ietf-announce@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id C12903A6D65; Sun, 30 Aug 2009 16:42:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.216
X-Spam-Status: No, score=-99.216 tagged_above=-999 required=5 tests=[AWL=0.077, BAYES_20=-0.74, MSGID_MULTIPLE_AT=1.449, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id sj-gyC8YSO4Y; Sun, 30 Aug 2009 16:42:28 -0700 (PDT)
Received: from mail.amsl.com (unknown [IPv6:2001:1890:1112:1::14]) by core3.amsl.com (Postfix) with ESMTP id EE6713A6A84; Sun, 30 Aug 2009 16:42:28 -0700 (PDT)
Received: by core2.amsl.com (Postfix, from userid 1000) id 2666031A722; Sun, 30 Aug 2009 16:42:17 -0700 (PDT)
Date: Sun, 30 Aug 2009 16:42:18 -0700
From: Glen <glen@amsl.com>
To: ietf-announce@ietf.org, ietf@ietf.org
Subject: Certificate Warnings for IETF Websites
Message-ID: <20090830234218.GD18180@glen>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.5.16 (2007-06-09)
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Aug 2009 23:42:30 -0000

All -

At the direction of the IETF, I have just installed new SSL certificates
on the IETF website.  These certificates were provided to us by Verisign.

Although my PCs do not complain, my Macs, and several other users' computers,
are complaining about these new certificates.  Specifically, I get a warning
that "the certificate for this website was signed by an unknown certifying

They do use an intermediate chain certificate, and I do have that certificate
installed and configured as well, so I'm not sure what the issue is.

I've sent email to Verisign to ask them what the problem might be, and I'm
sure we'll get clarification within the next day or so.

In the meantime, you may wish to ignore these warnings and continue on.

The certificate serial number we are using is:
01 C8 AD B8 C0 E5 15 B4 31 7B F5 DC 27 34 C6 9A

The SHA1 fingerprint is:
B7 7C 38 E6 E4 E0 E0 6F EB 42 8A AD 86 32 3F FB F6 62 68 45

The MD5 fingerprint is:
E2 DA 09 86 53 4E E8 EA 08 EA 2B CD F9 09 BA 7F

And the certificate expires:
Wednesday, August 25, 2010, at 4:59:59 PM PT

You may wish to add this certificate to your custom trust chain.

And, as I said, we expect that we'll get a quick resolution to this issue
from Verisign.

Glen Barney
IT Director
AMS (IETF Secretariat)