Ubuntu Jaunty Certificate Issue Solved


Ubuntu distributes a patched version of GnuTLS 2.6.x.


 gnutls-cli -VV --print-cert -p 636 my-ldap-server.com 2>&1 | egrep 'RSA-MD5|warning'

See no output.  Using "-d 4711" instead of "-VV" doesn't show any problems either.

Download the real GnuTLS 2.8.1 and build it and try again:


/opt/gnutls/bin/gnutls-cli -VV --print-cert -p 636 my-ldap-server.com 2>&1 | egrep 'RSA-MD5|warning'
        Signature Algorithm: RSA-MD5
warning: signed using a broken signature algorithm that can be forged.

Note that the CA cert is secure, it's the LDAP server's cert that was weak.
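
Added example (not part of the original post): a shell filter that reads `gnutls-cli --print-cert` output and reports the signature algorithm of each certificate in the chain, which makes a weak server certificate under a sound CA visible at a glance. The sample output is constructed and abbreviated, and the names `sample_output`, `sig_report`, `chain_is_clean` and the CA subject are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-certificate signature-algorithm report for a TLS chain.

# Constructed, abbreviated sample in the style of `gnutls-cli -VV --print-cert`
# output. The CA subject is a placeholder; the MD5 lines mirror the post.
sample_output() {
cat <<'EOF'
- Certificate[0] info:
        Subject: CN=my-ldap-server.com
        Subject Public Key Algorithm: RSA
        Signature Algorithm: RSA-MD5
warning: signed using a broken signature algorithm that can be forged.
- Certificate[1] info:
        Subject: CN=Example Internal CA
        Subject Public Key Algorithm: RSA
        Signature Algorithm: RSA-SHA256
EOF
}

# Reads certificate text on stdin and prints one tab-separated line per
# certificate: index, verdict, signature algorithm, subject.
# Algorithms ending in MD2 or MD5 are treated as weak (this example's choice).
sig_report() {
  awk '
    /^[ \t]*Subject:/ {
      sub(/^[ \t]*Subject:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
      subject = $0; next
    }
    /^[ \t]*Signature Algorithm:/ {
      sub(/^[ \t]*Signature Algorithm:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
      verdict = ($0 ~ /MD[25]$/) ? "WEAK" : "ok"
      printf "%d\t%s\t%s\t%s\n", n++, verdict, $0, subject
      subject = ""
    }
  '
}

# Exit status 0 only when no certificate on stdin is flagged WEAK.
chain_is_clean() {
  sig_report | awk -F'\t' '$2 == "WEAK" { bad = 1 } END { exit bad }'
}

# Offline demonstration on the constructed sample.
# Live use, with the command from the post:
#   /opt/gnutls/bin/gnutls-cli -VV --print-cert -p 636 my-ldap-server.com 2>&1 | sig_report
sample_output | sig_report
```

`chain_is_clean` returns a non-zero status when any certificate is flagged, so it can gate a monitoring check or a deployment step.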