Letsencrypt

Some of you who have been hanging around on webmail.toxisch.net will have noticed. As of today we are using a new certificate for toxisch.net.

Until now our certificates were issued by CA-Cert. However, CA-Cert is not a recognized certificate authority in most browsers, which led to ugly error messages.

With the initiative letsencrypt it is possible to issue free certificates which are recognized by many (all?) internet browsers.

So now you don’t have to accept and import “untrustworthy” certificates, but can simply access our web services directly.

We wish you a lot of fun with toxisch.net.

Heartbleed

As you may have noticed, a bug in OpenSSL has been found recently (heise.de - Der GAU für Verschlüsselung im Web: Horror-Bug in OpenSSL). Various messages indicated that the private key of the server could be read.

We reacted of course immediately and updated OpenSSL. So the mailing as well as the web services should run properly and securely again (… until the next bug).

Furthermore some certificates have been updated. This means, you might get (have gotten) a message indicating this. But this is not bad - in fact it is necessary.

If you want to have more explanations about Heartbleed: xkcd.org or heise.de.

Certificates

Sometimes (about every half year) there are new certificates from the server. This is because we haven’t made it that far in the CACert hierarchy yet.

We are only allowed to use our public certificates for half a year. Then they have to be updated. You can get more information by pressing the button “fingerprints” above.

When the certificates are updated, your browser should

  • your browser should not show an error message anymore
  • the mail client should not cause any problems either