[Users] sssl certificate update - whats claws doing ?

Michael codejodler at gmx.ch
Tue Dec 29 15:40:56 CET 2015


I can see cert files containing a port number, in pairs (one file for the authority and one for the key). 

For the ports i use, 25 and 100, they got created Dec 23. For other ports like 465, they were created ('modified' in midnight commander) Oct 24, 2014 and 'changed' Mar 21, 2015. I suppose changed means overwritten with an update.

So, it looks like the certs in question were created from the scratch, because the creation date matches the 'changed' date ?

One day before the issue, the mail provider put up a webpage with an explanation, which i didn't find until they sent me the link; but i don't quite understand what thy are saying here... 
https://posteo.de/blog/zweites-erweitertes-sicherheitszertifikat

As i understand it, the "StartCom" authority was unreliable to reach, so they put up a second cert ("Bundsdruckerei" D-Trust) as a fallback (?).

However, i can not find any such cert in claws. Also, in the mail reply, they said they meanhwile were able to "switch back to StartCom" now.  Whatever that means: It gots me lots of questions like shouldn't i be askd for cert update again in this case ? What happened with the Bundesdruckerei cert ? Is it still in use, and why is not on my harddisk ? What about the reason for creating double in the first place, or is StartCom suddenly acceptable again ? 

My best idea is that the 'old' StartCom never was 'revoked' and i was asked for an update simply because they offered a second one, at some point. Meaning quite some confusion for me, without a clar benefit form my point of view - shouldn't they either turn completely to a new authority, or leave things alone ? .... but as i said, i don't relly understand these things.



More information about the Users mailing list