[Users] Weird certificate update popups

[Paul Rolland]

Hello,

On Wed, 19 Feb 2025 12:17:42 +0100
Michael Schwendt <bugs.michael at gmx.net> wrote:

> On Wed, 19 Feb 2025 11:31:13 +0100, mi wrote:
> 
> > But they have no explanation !  
> 
> Probably you've caught them in the middle of pushing new certs to multiple
> servers while you were opening connections with different servers using a
> mix of old and new certs.
> 
> But with an expiry date of 2025-02-22, you will find out in a few days
> what will happen, since they will need to update that cert again then
> anyway. ;-)

posteo.de has 2 IPs, and the certificates are not the same depending on the
IP:
448 [12:41] rol at riri:~> openssl s_client -starttls smtp -connect 185.67.36.169:25
CONNECTED(00000003)
...
Certificate chain
 0 s:jurisdictionC = DE, jurisdictionST = Berlin, jurisdictionL = Charlottenburg, businessCategory = Private Organization, serialNumber = HRA 47592, C = DE, ST = Berlin, L = Berlin, O = Posteo e.K., CN = posteo.de
   i:C = US, O = DigiCert Inc, CN = GeoTrust EV RSA CA G2
   a:PKEY: rsaEncryption, 3072 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb 19 00:00:00 2024 GMT; NotAfter: Feb 21 23:59:59 2025 GMT

and

449 [12:42] rol at riri:~> openssl s_client -starttls smtp -connect 185.67.36.168:25
...
 0 s:jurisdictionC = DE, jurisdictionST = Berlin, jurisdictionL = Charlottenburg, businessCategory = Private Organization, serialNumber = HRA 47592, C = DE, ST = Berlin, L = Berlin, O = Posteo e.K., CN = posteo.de
   i:C = US, O = DigiCert Inc, CN = GeoTrust EV RSA CA G2
   a:PKEY: rsaEncryption, 3072 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb  7 00:00:00 2025 GMT; NotAfter: Feb 24 23:59:59 2026 GMT

Regards,
Rol
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20250219/40be5bff/attachment.sig>