from Hacker News

Expired SSL certificate

by chton on 4/9/15, 9:37 AM with 67 comments

  • by thejosh on 4/9/15, 10:03 AM

    WTF, changing your PC date is not a solution! This will cause more issues.

  • by jng on 4/9/15, 10:00 AM

    What is shocking is that they still haven't found the way to properly fix it after 3 days.

    I updated some SSL certificates last week (which even required contortions such as moving to a new issuer since some legacy software requires old-style SHA-1 signed ones which our current one doesn't provide), and it didn't take more than one (long) day of work.

  • by billpg on 4/9/15, 10:02 AM

    I wonder if browsers should, for (say) a week after a cert has expired, show an error so alarms are raised, but allow the dialog to be dismissed with an OK instead of all the "Confirm Security Exception" that would go on for a more serious cert rejection.

  • by ntoshev on 4/9/15, 12:34 PM

    Our website monitoring service https://t1mr.com will warn you before your certificate expires (in addition to warning you when your site is down, and giving you reports of inbound and outbound dead links).

  • by seqizz on 4/9/15, 9:40 AM

    Should we set it to 1st of April?

  • by agarcia-deniz on 4/9/15, 10:12 AM

    I can't help but notice the motto:

    Enjoy the simplicity

  • by Karunamon on 4/9/15, 1:43 PM

    Rant mode:

    If I understand right, getting a replacement cert doesn't result in a change of the private key anyways.

    It's just magically, on the expiration date, your cert is somehow insecure and we must treat it as if YOU ARE IN DANGER!! - even though it's still better than the plain HTTP that everyone uses every single goddamned day. Hell, a self-signed cert is better than plain HTTP, yet for some backwards-ass reason we treat it as worse, despite the fact it makes you immune from passive eavesdropping and any injection attacks, which the average person is a lot more likely to run into than a self-signed cert being used by an attacker to MITM you.

    CAs are a scam and a racket. I can't wait for Mozilla's Let's Encrypt[1] to come along and put them all out of business, hopefully before the last decade or so of training users to ignore the wolf-crying cert warnings comes to fruition.

    Yeah, this is irresponsible on Manjaro's part, they know the rules of the game, but the game is broken!

    [1] http://letsencrypt.org

  • by abofh on 4/9/15, 12:56 PM

    30 minutes, Comodo reseller, seriously; you won't get SHA256, but you won't be asking your users to hurt themselves.

  • by bitJericho on 4/9/15, 9:54 AM

    Don't pretty much all browsers let you accept using an expired certificate?

  • by lauriswtf on 4/9/15, 10:00 AM

    Why is this on the frontpage?

  • by HendrikR on 4/9/15, 11:21 AM

    This is really awesome. Why do certificates expire in the first place?

  • by andygambles on 4/9/15, 10:55 AM

    Awesome