[SAC] SSL Certificate Followup

Alex M tech_dev at wildintellect.com
Mon May 2 06:57:48 PDT 2016


On 05/02/2016 09:51 AM, Sandro Santilli wrote:
> On Mon, May 02, 2016 at 09:33:34AM -0400, Alex M wrote:
> 
>> Note to those suggesting
>> letsencrypt, that too would only be a DV cert.
> 
> Am I reading it correctly that https://wikipedia.org
> and https://fsf.org are also using a DV cert ?
> 
> My browser reports (upon asking for more information):
> 
> "This website does not supply ownership information."
> 
> Which is the same I get on https://trac.osgeo.org/
> with the new certs.
> 
> I'd add that "ownership information" can be retrived
> (for all the above domains) via the WHOIS database:
> 
>  whois fsf.org  | grep 'Registrant Organization'
>  whois wikipedia.org  | grep 'Registrant Organization'
>  whois osgeo.org  | grep 'Registrant Organization'
> 
> --strk;
> 


It's not the Ownership info, it's the Organization (O) line, right after
the common name. That's the only difference I've found.

I'll also note, it's harder to hijack the account, since even when
logging in you basically can't do anything on Comodo (our old cert) and
I've been going back and forth with them about updating the contact
email address, which requires emailing from the current account to a
specific address on their side requesting the change.

Since we don't do an $ transactions, I can't really say if it's worth it
or not.

Thanks,
Alex


More information about the Sac mailing list