www.spi-inc.org uses an invalid security certificate

TJ spi-inc at iam.tj
Thu Feb 27 07:43:32 UTC 2014

Early I accessed a secure Debian server [1] that presented a X509 certificate issued by an untrusted CA that turned out to be spi-inc.

Visiting spi-inc.org [2] I hit another issue with an invalid certificate being presented causing Firefox to warn "The certificate is not valid for any server names" (as well as certificate not
trusted). The certificate's Common Name is "members.spi-inc.org" and there are no Subject Alt Name  hosts.

How can we have trust in the CA when the CA itself cannot correctly manage its own certificates?

[1] https://alioth.debian.org/scm/?group_id=30428
[2[ https://spi-inc.org/

More information about the Spi-general mailing list