For anyone stumbling across this thread:
As Cory (NQ1E) has explained, LotW is making a transition to a newer
certificate authority which IS NOT signed by the older CA, i.e. it is
unrelated.
With the help from Tom SP2L I have figured out that the current
certificate of the OpenVPN access point is the older LotW cert.
If you got signed by the newer cert you likely will not be able to
access the OpenVPN, like me. (I cannot prove that, but since I cannot access
it and I only have the newer cert, I have the strong suspicion that my
claim is true.)
73 de Roland, oe1rsa
On 27.10.2015 at 21:37 wrote Cory (NQ1E):
The oldest of the three LotW root CAs hasn't been in-use for several
years and can be discarded. I think I heard that they lost the
private key for it, or something silly like that.
The second one is their SHA1 root CA cert that they've been using up
until this year, but should be kept around for a while because some
people still have call sign certs in that chain. Since call sign
certs are only signed for two years, you can discard that root CA too
once the existing call sign certs expire.
The latest LotW root CA was created this year using modern crypto
tech. It was necessary because it's expected that SHA1 will be broken
within a few years, so everyone's in a hurry to move away from it.
-Cory
NQ1E
--
_________________________________________
_ _ | Roland Schwarz
|_)(_ |
| \__) | mailto:roland.schwarz@blackspace.at
________|
http://www.blackspace.at
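
The situation described in this thread, as an added example that is not part of the original messages: two root CAs with independent keys, and a client certificate signed only by the newer one, checked against each root as the sole trust anchor. The CA names, the `CALLSIGN` subject, the file names and the helper functions are constructed placeholders, not real LotW material.

```bash
#!/usr/bin/env bash
# Constructed demo PKI; every name below is a placeholder, not real LotW material.

# issued_by ROOT LEAF: succeeds only if LEAF verifies with ROOT as the sole trust anchor.
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# issuer_of CERT: print the issuer DN, to see which CA signed a certificate.
issuer_of() {
    openssl x509 -noout -issuer -in "$1"
}

# make_demo_pki DIR: two independent self-signed roots, one client cert signed by the newer root.
make_demo_pki() {
    local d=$1 name
    for name in old new; do
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
            -subj "/CN=Demo ${name} root" \
            -keyout "$d/${name}-root.key" -out "$d/${name}-root.pem" 2>/dev/null
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=CALLSIGN" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -sha256 -days 30 \
        -CA "$d/new-root.pem" -CAkey "$d/new-root.key" -CAcreateserial \
        -out "$d/client.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo"
issuer_of "$demo/client.pem"
for root in old new; do
    if issued_by "$demo/${root}-root.pem" "$demo/client.pem"; then
        echo "client cert verifies against ${root} root"
    else
        echo "client cert REJECTED against ${root} root"
    fi
done
rm -rf "$demo"
```

Running `issuer_of` on a real call sign certificate and `issued_by` against each root CA file shows which chain that certificate belongs to.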