Last modified: 2010-04-09 11:56:54 UTC
The X.509 certificate for bugzilla.wikimedia.org has expired: it is not valid after 2011-01-31T21:36:50+00:00. It should be replaced. Side notes: It also uses the MD5 algorithm for hashing, which is not considered secure anymore. This should be changed to a more secure algorithm like one from the SHA-2 family. The certificate is also used for bugs.wikimedia.org, but does not contain that host name in the certificate (should be included in subjectAlternativeName as a dNSName). bugs.wikimedia.org uses a HTTP 302 Moved to redirect users to bugzilla.wikimedia.org, but this does not mean that the certificate does not have to include the host name as well. (Or a second certificate has to be used.) Furthermore, I recommend restricting keyUsage to critical:(digitalSignature,keyEncipherment) (this will limit the usable algorithms to the ones with ephemeral keys, which should not be a problem, but considered a good thing) and extendedKeyUsage to (serverAuth). Client authentication is probably unnecessary for the certificate.
Hi, the current year is 2010 and not 2011. Is this a error from your browser? If yes, control your date settings. Viele Grüße Jan
Certificate is valid for another 9 months, closing.