[ntp:security] Incorrect HTTPS Certificate CN on pool.ntp.org:443
Majdi S. Abbas
msa at latt.net
Fri Aug 10 08:52:43 UTC 2018
Please try https://www.pool.ntp.org/ — which should redirect you to ntppool.org.
Other hostnames in pool.ntp.org are likely to be DNS RRsets and not valid targets for https:// URIs.
> On Jul 27, 2018, at 9:36 AM, David Brown <dave at scri.pt> wrote:
> Hi NTP Security,
> An HTTPS server on pool.ntp.org (188.8.131.52 - LINODE-US NET-173-255-192-0-1) appears to be serving a certificate with a CN of mail.nicholasmiller.me, which does not match the domain name of pool.ntp.org.
> The certificate in question is issued by Let's Encrypt Authority X3 and has an SHA-1 fingerprint of 02 AC CC 86 C5 8D 2B 61 28 C8 A0 69 9F 95 8A 27 8F 03 76 46.
> It's likely this is a misconfiguration and not a security issue IMO, but I wanted to bring it to your attention.
> David Brown
> Portland, Oregon, USA
> security mailing list
> security at lists.ntp.org
More information about the security