X.509 certificate is expired

Daniel Kahn Gillmor dkg at
Fri May 6 23:59:37 CEST 2011

When i point a web browser at, i get a warning
that the server's X.509 certificate is expired (it has a CN of and several subjectAltNames, including

I'm not a fan of the CA cartel, but it would be nice to have some
up-to-date way of verifying the server, especially for people already
well-connected in the web-of-trust.

If the administrator of the server would publish the host's key in an
OpenPGP certificate, and sign it, then we could verify it that way.
Here's a quick intro for how to do that:

If this isn't acceptable for some reason, could you at least update the
certificate to one with a reasonable expiration date?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110506/5da89f9a/attachment.pgp>

More information about the Gnupg-users mailing list