Hi all,
In the new (0.28) release of the CA RPMs the UKeScience CA changed
the digest algorithm used to self-sign its root certificate. The
actual keypair is unchanged, but the new signature algorithm does
lead to a different fingerprint for the certificate.
For reference, the new fingerprint are
MD5: F7:65:A8:5E:67:2B:7C:F4:90:20:38:14:BC:05:04:F6
SHA1: 0C:B4:61:99:63:6C:A3:CB:E1:58:CE:F3:66:D2:C4:D3:34:BF:A7:40
If your new UKeScience root certificate has this fingerprint, it
is correct. Both the old and the new cert will correctly validate
all issued UKeScience end-entity certificates.
Note that the changeover to an SHA1 digest is related to the recent
cryptographic collisions discovered in the now-obsolete MD5 algorithm.
Use of MD5 hash functions is now actively discouraged.
Regards,
David Groep
EUGridPMA
Reproduced below is again the changelog between 0.27 and 0.28 FYI:
Changes from 0.27 to 0.28
-------------------------
(6 April 2005)
* Added the root certs for the newly accredited CAs "AustrianGrid" and
"NIIF/Hungarnet"
* updated signing policy file of SiGNET CA to handle new emailAddress
DN component name
* added "BalticGrid CA" in the "worthless" section, for experimentation
by AndersW
* UKeScience CA changed to SHA1 digest for the root certificate
* new CRL and CA URLs for both CyGrid CAs
Kyriakos G. Ginis wrote:
> On Fri, Apr 08, 2005 at 08:31:11AM +0200, Ricardo Graciani wrote:
>
>>Hi,
>>
>> This morning test reports the following error:
>>
>>Checking ca_UKeScience RPM: FAILED: rpm is ca_UKeScience-0.28-1,
>>checking the file itself (/etc/grid-security/certificates/01621954.0)
>>/etc/grid-security/certificates/01621954.0: FAILED
>>md5sum: WARNING: 1 of 1 computed checksum did NOT match
>>
>> I went to the machine where the test run and check with rpm
>>content:
>>
>> Everything looks OK with the files.
>
>
> Hi,
>
> On HG-01-GRNET we have exatly the same problem.
>
> --
> Kyriakos Ginis, PhD Candidate
> Software Engineering Laboratory
> National Technical University of Athens
--
David Groep
** National Institute for Nuclear and High Energy Physics, PDP/Grid group **
** Room: H1.56 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
|