www.openssh.com certificate misconfiguration

Ron Frederick ronf at timeheart.net
Sat Sep 4 02:58:00 AEST 2021

> On Sep 3, 2021, at 9:51 AM, Thomas Dwyer III <tomiii at tomiii.com> wrote:
> On Fri, Sep 3, 2021 at 8:18 AM Jochen Bern <Jochen.Bern at binect.de> wrote:
>> On 03.09.21 16:28, Dmitry Belyavskiy wrote:
>>> The site www.openssh.com is misconfigured and sometimes browsers refuse to
>>> connect because of hostname mismatch - the certificate provided by the site
>>> is issued for www.openbsd.org. Could you please fix it?
>> There is nothing broken - the server cert lists "www.openssh.com" in the
>> Subject Alternate Names (SANs), along with a dozen others.
> There is nothing broken on *www.openssh.com*. There *is* something broken
> on www.openssh.org which redirects to www.openssh.com.

Agreed - while there are a bunch of SANs listed, www.openssh.org is not one of them, at least from what I see here:

            X509v3 Subject Alternative Name: 
                DNS:ftp.openbsd.org, DNS:libressl.org, DNS:openbsd.org, DNS:openiked.org, DNS:openssh.com, DNS:rpki-client.org, DNS:www.libressl.org, DNS:www.openbsd.org, DNS:www.openiked.org, DNS:www.openrsync.org, DNS:www.openssh.com, DNS:www.rpki-client.org
Ron Frederick
ronf at timeheart.net
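
The hostname check discussed in this thread, as an added example that is not part of the original message: it parses the SAN line quoted above and tests both names involved in the redirect. It assumes the quoted SAN list is what the server presents for both names; the function names are hypothetical, and the wildcard handling goes beyond this certificate (which has no wildcard entries) as a simplified form of the RFC 6125 rule.

```python
# Added example: SAN list copied from the openssl output quoted in the message above.
SAN_LINE = ("DNS:ftp.openbsd.org, DNS:libressl.org, DNS:openbsd.org, DNS:openiked.org, "
            "DNS:openssh.com, DNS:rpki-client.org, DNS:www.libressl.org, DNS:www.openbsd.org, "
            "DNS:www.openiked.org, DNS:www.openrsync.org, DNS:www.openssh.com, "
            "DNS:www.rpki-client.org")


def parse_dns_sans(san_line):
    """Return the lower-cased dNSName entries from an openssl -text SAN line."""
    names = []
    for entry in san_line.split(","):
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS" and value:
            names.append(value.strip().lower().rstrip("."))
    return names


def name_matches(pattern, host):
    """Exact match, or '*' as the whole left-most label (simplified RFC 6125 rule)."""
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label; patterns as broad as "*.org" are refused.
        return len(p_labels) > 2 and bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def covered_by(host, san_names):
    """Return the SAN entry that covers host, or None if no entry does."""
    host = host.lower().rstrip(".")
    for pattern in san_names:
        if name_matches(pattern, host):
            return pattern
    return None


def check_redirect_chain(hosts, san_names):
    """The client checks the name it connected to before following any redirect."""
    return {h: covered_by(h, san_names) for h in hosts}


if __name__ == "__main__":
    sans = parse_dns_sans(SAN_LINE)
    for host, match in check_redirect_chain(["www.openssh.org", "www.openssh.com"], sans).items():
        print(f"{host}: {'covered by ' + match if match else 'NOT in SAN list'}")
```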
