www.spi-inc.org uses an invalid security certificate

Joshua D. Drake jd at commandprompt.com
Thu Feb 27 16:03:17 UTC 2014

On 02/26/2014 11:43 PM, TJ wrote:
> Early I accessed a secure Debian server [1] that presented a X509 certificate issued by an untrusted CA that turned out to be spi-inc.
> Visiting spi-inc.org [2] I hit another issue with an invalid certificate being presented causing Firefox to warn "The certificate is not valid for any server names" (as well as certificate not
> trusted). The certificate's Common Name is "members.spi-inc.org" and there are no Subject Alt Name  hosts.
> How can we have trust in the CA when the CA itself cannot correctly manage its own certificates?

I would argue that you can't trust a CA, period. That said yes, we 
should have proper certificates.


Command Prompt, Inc. - http://www.commandprompt.com/  509-416-6579
PostgreSQL Support, Training, Professional Services and Development
High Availability, Oracle Conversion, Postgres-XC, @cmdpromptinc
For my dreams of your image that blossoms
    a rose in the deeps of my heart. - W.B. Yeats

More information about the Spi-general mailing list