SSL certificate

Fri Aug 16 03:22:39 EDT 2013

Check greetings thank you!

Kamil Sevi

https://twitter.com/kamilsevi

          Issue:  

          SSL certificate

          Severity:  

Hig        

          Confidence:  

          Certain

          Host:  

          https://developer.pidgin.im

          Path:  

          /

      Issue detail

    The following problem was identified with the server's SSL certificate:

        The server's certificate is not trusted.

    The server presented the following certificates:

      Server certificate

          Issued to:  

          developer.pidgin.im, www.developer.pidgin.im

          Issued by:  

          PositiveSSL CA

          Valid from:  

          Mon Dec 08 02:00:00 EET 2008

          Valid to:  

          Mon Dec 09 01:59:59 EET 2013

      Certificate chain #1

          Issued to:  

          AddTrust External CA Root

          Issued by:  

          AddTrust External CA Root

          Valid from:  

          Tue May 30 13:48:38 EEST 2000

          Valid to:  

          Sat May 30 13:48:38 EEST 2020

      Certificate chain #2

          Issued to:  

          PositiveSSL CA

          Issued by:  

          UTN-USERFirst-Hardware

          Valid from:  

          Mon Sep 18 03:00:00 EEST 2006

          Valid to:  

          Sat May 30 13:48:38 EEST 2020

      Certificate chain #3

          Issued to:  

          UTN-USERFirst-Hardware

          Issued by:  

          AddTrust External CA Root

          Valid from:  

          Tue Jun 07 11:09:10 EEST 2005

          Valid to:  

          Sat May 30 13:48:38 EEST 2020

      Certificate chain #4

          Issued to:  

          AddTrust External CA Root

          Issued by:  

          AddTrust External CA Root

          Valid from:  

          Tue May 30 13:48:38 EEST 2000

          Valid to:  

          Sat May 30 13:48:38 EEST 2020

      Issue background

    SSL helps to protect the confidentiality and integrity of information in 
    transit between the browser and server, and to provide authentication of 
    the server's identity. To serve this purpose, the server must present an 
    SSL certificate which is valid for the server's hostname, is issued by a 
    trusted authority and is valid for the current date. If any one of these 
    requirements is not met, SSL connections to the server will not provide 
    the full protection for which SSL is designed.

It should be noted 
    that various attacks exist against SSL in general, and in the context of 
    HTTPS web connections. It may be possible for a determined and 
    suitably-positioned attacker to compromise SSL connections without user 
    detection even when a valid SSL certificate is used

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130816/33ed9594/attachment.html>