Blacklisted certificates
Ronald Klop
ronald-lists at klop.ws
Wed Mar 31 12:24:57 UTC 2021
Van: Jochen Neumeister <joneum at FreeBSD.org>
Datum: woensdag, 31 maart 2021 13:26
Aan: Christoph Moench-Tegeder <cmt at burggraben.net>, freebsd-current at freebsd.org
Onderwerp: Re: Blacklisted certificates
>
>
> Am 31.03.21 um 13:02 schrieb Christoph Moench-Tegeder:
> > ## Jochen Neumeister (joneum at FreeBSD.org):
> >
> >> Why are this certificates blacklisted?
> > Various reasons:
> > - Symantec (which owned Thawte and VeriSign back in the time) made
> > the news in a bad way:
> > https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/
> > - some certificates are simply expired
> > - some certificates use SHA-1 ("sha1WithRSAEncryption") which is
> > beyond deprecated
> > - and basically "whatever Mozilla did", as the certificates are
> > imported from NSS.
>
> how can I ignore the certificates now? So now everyone has this problem with an update
>
>
> Greetings
> Jochen
>
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
>
>
>
Hi,
This is the proper output of installworld. So you don't have to ignore anything anymore. It is handled by installworld.
Ronald.
More information about the freebsd-current
mailing list