Tämä näyttää erot valitun ja nykyisen version kesken tästä sivusta.
faq:saehkoepostinvarmenteet [2013-10-21 12:19] kivinen luotu |
faq:saehkoepostinvarmenteet [2018-09-27 12:30] (nykyinen) kivinen |
||
---|---|---|---|
Rivi 6: | Rivi 6: | ||
<code> | <code> | ||
- | -----BEGIN CERTIFICATE----- | + | -----BEGIN X509 CERTIFICATE----- |
- | MIIFwzCCA6ugAwIBAgIDUZnFMA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNVBAYTAkZJ | + | MIIDITCCAgmgAwIBAgICJxAwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMCRkkx |
- | MQ8wDQYDVQQKEwZJS0kgcnkxGTAXBgNVBAMTEElLSSBSb290IENBIDIwMDkwHhcN | + | DDAKBgNVBAoTA0lLSTENMAsGA1UECxMETWFpbDEVMBMGA1UEAxMMTWFpbCAyMDE4 |
- | MDkxMTA0MTc0MTI3WhcNMjAwMTMxMTc0MTI3WjA5MQswCQYDVQQGEwJGSTEPMA0G | + | IENBMB4XDTE4MDEwMTAwMDAwMFoXDTI1MTIzMTIzNTk1OVowQTELMAkGA1UEBhMC |
- | A1UEChMGSUtJIHJ5MRkwFwYDVQQDExBJS0kgUm9vdCBDQSAyMDA5MIICIjANBgkq | + | RkkxDDAKBgNVBAoTA0lLSTENMAsGA1UECxMETWFpbDEVMBMGA1UEAxMMTWFpbCAy |
- | hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1ExDgFGrghg8mxIAp0KTinHxkM1RvEpb | + | MDE4IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4L6ObmlRVSUj |
- | ikLdcy576/HpGrG4pwBibDbXL7nikX7FouCTyVSJQDKioBxyrtc+5PKFoVzJ5lo1 | + | DbrkeNax+ZgSf1iSG9NKPwSksj1kAwc59RwedsXt8gsXU4K5DbWyHzGeL0cNZNdm |
- | LxTIOtFFXovz9Q+WR9X+IFXBa4aQR5e2fOGf/z5CelaI3prnFxTT8r+o7GMuiXO/ | + | dXyANMnFRALMXR4c3sDOXg98CXoO1CO+7HFjKtpOh05DCippL1C1gsnDe/zBqByZ |
- | I/8s7bsBDZ9EKOn8kFPRt22XWa650ejmTbeNxSROQu4u495yBa3U3bRqf0RgNT4F | + | SX1MHJCgTSzU7PkGA5oaerkIwXESsolL8K6nMxiS1toe1Yky4sss8ZPNcgkMvBqQ |
- | Wkd4TFnHJurCtqS32Etv16vF22tdMttfUUb/EPkmkt42pRpeeLia7Kvni6VRD0XZ | + | xhmxbJesbV97iBAHO2aj/tVXtcaQThdgxgY7fx/J6yFPo2gLIJWoVJbFhnaW/LkZ |
- | +5Olo5u9hkfAbVxD5+3zwtK9moQqld0IkXUD2cNWQFGqHyb8c7KDM68TCE3HoIjF | + | AdMN5e2kKXkqbAo2hcyU+2laVT43XYsBVHpp7ZWJTwWnr73q5V6W97Cc47pNCopG |
- | DMasak+wE5Yo1AMjWwVtKsqCI+RHZXb6K61hevnw/nrZFzh95xpDNVzpyZC63VZb | + | yUehXXne7QIDAQABoyMwITALBgNVHQ8EBAMCAoQwEgYDVR0TAQH/BAgwBgEB/wIB |
- | 8KLCiArELjW5FkUAhgdM90fRnhlVlFtO5UylLaTwn2GSMtweG8B+CaDReyOx9BId | + | ATANBgkqhkiG9w0BAQsFAAOCAQEAMOdf5ZNlih0cje4d9E9KJB5as9bDENIbQgzN |
- | 2R5AjctLIoxLaIK4jehN1T5JYOSYBbZvuE43mKDMKmIFJUIqV11sVawpH1v7FLRy | + | eCgIuA+B9XuGmP1aL6blOqBdx1nvL2HuWfLoX6238CsljMAr5LwFDHDUtmTpt/qC |
- | 8jQtuy25XcQOtXqqp9McnmpYjNWG/REqpBZVNhmf4NKoGfMDwVcXxn0Qonh1bU4U | + | BiTbNUd4cpAeDgdWwlDrl+DDyJq5kr4pLJU+eQrtJyQeRaNsFLRdiJC8RkTH9RSi |
- | uZyET4AiSvwEzrFHZj3EUbT/c4Bf3aoqVTXVX77iByPYVIR+oZJ9pQq6VID0HDX0 | + | dXnCExHyrl3iqoS3IiicDvnXCgkrrhYpdvZg/foWKYaH+KbP0f7ySnx5gTXcA14j |
- | Br4Apq6iqJkCAwEAAaOB0zCB0DAfBgNVHSMEGDAWgBQTBmVi3zIfXYBJKxRjrXcz | + | 4Q0iOjngxtUsZxFXMsaR7R7La4vj489z84Uc90N/bvBF8uGs+zQ9de4R18TJ0Tup |
- | Dfb5vDAdBgNVHQ4EFgQUEwZlYt8yH12ASSsUY613Mw32+bwwDgYDVR0PAQH/BAQD | + | 4lj2KYUYerbh++X0Gcc0kLKDFbtCPjI/ixVgVuAW/eNnnQ8fSg== |
- | AgGmMFIGA1UdIARLMEkwRwYKKwYBBAHjfgICATA5MDcGCCsGAQUFBwIBFitodHRw | + | -----END X509 CERTIFICATE----- |
- | Oi8vd3d3LmlraS5maS9pa2kvcGtpL0lLSS1yb290LWNwcy5odG1sMBkGA1UdEQQS | + | |
- | MBCBDmlraS1wa2lAaWtpLmZpMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF | + | |
- | BQADggIBAMyWiTGQYd0XatEI4eWgMi9N1tA9BRbpWnHCwy8ugCGvr3qyBlVPoLjN | + | |
- | jA7fH9eU8pK4NNG03EYkUZvUa3xwwtp/qnrOFhpG7Ov83HH3vXz+RtYdZcki6agj | + | |
- | 5TXiB3DDLsnF4NbjHxQ8nHRKZjsIssGGkZ3VHTwmewoK5QlYntzlNQ+uzz38PGGE | + | |
- | Z/iKB+ugr78aCPpKg8p5XNy/MnkwgeaRQ6MZN9D1P/lYpNr6kQ5htpPnQjZ+9bEZ | + | |
- | X6yyGOgow0KZsDOdXgWkg0oyuJB/frU5AkaMBsttqoandkwSWYNq5WWDVqpXM5fp | + | |
- | eOp4sUdohgE5K/Wy7i17XcLKec10tqi3pZLa0XmcRWfMIpuPfSC3R9qxh9/gYomH | + | |
- | ObhLBrD6xlNEWZZyGzIqAG+OwrtL4tQBoiMis8O1b2iBA4b2kJk91m6p1ZUvuTH4 | + | |
- | 56zj6xydDQkF7hBaJ6VNdPGTqG7GQWVTqxY2Oo7mYNxY2l+c470L8/+iRabZk7UA | + | |
- | iWHV7k7g4nckO5ZWo0moZMsEtGPScekrihyXJ9hKYh699AZJykk7TNZK7JkPVdZy | + | |
- | 2GmStpTqQ5Ko4kZsHfke6s32S3o+s1nr6C0u/an1TsCpSL32bIflBeRbpd6RwJwB | + | |
- | g03DyAQw8+iN9rSj/K24AH4y/MlXS4a1o3JtO/5ys3QernaS4OWZ | + | |
- | -----END CERTIFICATE----- | + | |
</code> | </code> | ||
Rivi 45: | Rivi 31: | ||
<code> | <code> | ||
Certificate = | Certificate = | ||
- | SubjectName = <C=FI, O=IKI ry, CN=IKI Root CA 2009> | + | SubjectName = <C=FI, O=IKI, OU=Mail, CN=Mail 2018 CA> |
- | IssuerName = <C=FI, O=IKI ry, CN=IKI Root CA 2009> | + | IssuerName = <C=FI, O=IKI, OU=Mail, CN=Mail 2018 CA> |
- | SerialNumber= 5347781 | + | SerialNumber= 10000 |
- | SignatureAlgorithm = rsa-pkcs1-sha1 | + | SignatureAlgorithm = rsa-pkcs1-sha256 |
Certificate seems to be self-signed. | Certificate seems to be self-signed. | ||
* Signature verification success. | * Signature verification success. | ||
Validity = | Validity = | ||
- | NotBefore = 2009 Nov 4th, 17:41:27 GMT | + | NotBefore = 2018 Jan 1st, 00:00:00 GMT |
- | NotAfter = 2020 Jan 31st, 17:41:27 GMT | + | NotAfter = 2025 Dec 31st, 23:59:59 GMT |
PublicKeyInfo = | PublicKeyInfo = | ||
PublicKey = | PublicKey = | ||
Algorithm name (SSH) : if-modn{sign{rsa-pkcs1-md5}} | Algorithm name (SSH) : if-modn{sign{rsa-pkcs1-md5}} | ||
- | Modulus n (4096 bits) : | + | Modulus n (2048 bits) : |
- | 86609988873444508966910697159496547740030665196880367333496647565098056 | + | 28371347161743193094518720617772706523426815530185116582353026105107716 |
- | 15327192298536462356999853795119452120436395553486443797088310931873247 | + | 38328331232006126457624143952749066696013032682718430134537350895869434 |
- | 65309553140319502313554353777868185071756265005394280038809585401966807 | + | 93499829813155909640592334780385864033711659456080585675862442239414451 |
- | 67371741648156230368035051942067104511668120849314596298711353920346400 | + | 48739774381764798385101053377246772178636113852251956818423399587105003 |
- | 30263613250512873331788129839255197419846897195335768280088750652809422 | + | 46979768285258246011518782479166165270843540329685329742506811988096774 |
- | 03827610699276787756535601952937077556422460336001510807224375576263219 | + | 69397301194042129546947948038321349876174256111883935016398036602630345 |
- | 24076336068179544116363885863562511473641638132185156245358792831518040 | + | 21707628652724468485584136206003808582929212311098300638786414520869230 |
- | 61698139888979094507737851876116927406228718602381568681163722700020165 | + | 77137368290687864666197291415520932275341194474437478929509853333558601 |
- | 23365967252710262440120496967852179569712486732088174199284126483859362 | + | 8744807512990328528219694975038319157691333336813 |
- | 71600568566820547147640799662804131275135761701935934216520801673314628 | + | |
- | 84806161180202887318731926102037513897599552258492180111627106394704180 | + | |
- | 55654750301371739817452779900248075391945993792078690654051005000710781 | + | |
- | 91283696584905384166772239151269854627810992807794865206465044179440453 | + | |
- | 75630116630247032414567510900851841536306106668825574583777809606383406 | + | |
- | 58285296502412840026894114412084833991396851917457966444864284037272236 | + | |
- | 89500191680467286664062780063230936549798241967143667796957936789298499 | + | |
- | 39455690237421591946725710727325310309378743123199537832928567990989671 | + | |
- | 89297305685194937236367513 | + | |
Exponent e ( 17 bits) : | Exponent e ( 17 bits) : | ||
65537 | 65537 | ||
Extensions = | Extensions = | ||
- | Available = authority key identifier, subject key identifier, key | + | Available = key usage, basic constraints(critical) |
- | usage(critical), certificate policies, subject alternative name, basic | + | KeyUsage = DigitalSignature KeyCertSign |
- | constraints(critical) | + | |
- | SubjectAlternativeNames = | + | |
- | Following names detected = | + | |
- | EMAIL (rfc822) | + | |
- | Viewing specific name types = | + | |
- | EMAIL = iki-pki@iki.fi | + | |
- | KeyUsage = DigitalSignature KeyEncipherment KeyCertSign CRLSign | + | |
- | [CRITICAL] | + | |
BasicConstraints = | BasicConstraints = | ||
- | cA = TRUE | + | PathLength = 1 |
+ | cA = true | ||
[CRITICAL] | [CRITICAL] | ||
- | AuthorityKeyID = | ||
- | KeyID = | ||
- | 13:06:65:62:df:32:1f:5d:80:49:2b:14:63:ad:77:33:0d:f6:f9:bc | ||
- | SubjectKeyID = | ||
- | KeyId = | ||
- | 13:06:65:62:df:32:1f:5d:80:49:2b:14:63:ad:77:33:0d:f6:f9:bc | ||
- | PolicyInformation = | ||
- | PolicyIdentifier = 1.3.6.1.4.1.12798.2.2.1 | ||
- | PolicyQualifiers = | ||
- | CPSuri = http://www.iki.fi/iki/pki/IKI-root-cps.html | ||
Public key SHA1 hash = | Public key SHA1 hash = | ||
- | 13:06:65:62:df:32:1f:5d:80:49:2b:14:63:ad:77:33:0d:f6:f9:bc | + | 0d:eb:23:7d:d4:a5:0f:16:68:cb:19:fb:e3:9a:a5:f9:f8:df:3d:ea |
IKE Certificate hash = | IKE Certificate hash = | ||
- | b2:a8:8d:f0:4d:0b:bb:a4:95:e2:83:0f:9d:e1:ec:13:ce:da:a1:be | + | 38:8c:56:d9:cd:c1:3d:75:5c:22:c0:4b:dc:18:47:61:ce:03:99:57 |
Fingerprints = | Fingerprints = | ||
- | MD5 = 30:7c:5a:14:71:82:a7:c8:71:97:77:3a:d4:57:85:a0 | + | MD5 = 7f:59:52:5e:ca:74:44:5e:cd:a0:db:39:28:48:07:22 |
- | SHA-1 = da:bd:e9:90:4a:70:63:3c:2d:aa:3c:0e:16:f6:97:b2:12:4d:b8:51 | + | SHA-1 = 9b:bd:9b:70:78:28:f0:00:03:a8:b0:b0:5d:61:63:fa:c6:10:d8:61 |
</code> | </code> | ||
- | Huomaa että tällä hetkellä mailikoneet käyttävät yhtä ainoaa salaista avainta (eli kaikki koneet jakavat saman salaisen avaimen) ja sen lisäksi tuolla CA avaimella on allekirjoitettu ensin mail-servereitä varten yksi väli-CA ja sillä on sitten allekirjoitettu lopullinen maili-varmenne. | + | Tällä hetkellä (joulukuu 2013) jokaisella mailikoneella on erillinen salainen avain ja nuo kaikki avaimet on allekirjoitettu tuolla CA avaimella (jonka varmenne tehtiin uudestaan tammikuussa 2018 käyttämään sha2:sta sha1:sen sijaan). Aikaisemmin käytettiin IKI CA avainta, mutta kun iki-ca kone on poissa käytöstä niin nuo sähköpostikoneiden alivarmenteet olivat vanhentuneet ja niiden päivittäminen ei onnistunut, niin siirryimme käyttämään erillistä CA:ta. |
- | + | ||
- | Koska nuo varmenteet on luotu ikica:lla ja kyseinen palvelu on tällä hetkellä poissa käytöstä niin kyseiset väli-CA ja maili-varmenne ovat molemmat jo vanhentuneet. | + | |