[ntp:security] Incorrect HTTPS Certificate CN on pool.ntp.org:443

Majdi S. Abbas msa at latt.net
Fri Aug 10 08:52:43 UTC 2018


David,

     Please try https://www.pool.ntp.org/ — which should redirect you to ntppool.org.

     Other hostnames in pool.ntp.org are likely to be DNS RRsets and not valid targets for https:// URIs.

     Thank you,

     —msa

> On Jul 27, 2018, at 9:36 AM, David Brown <dave at scri.pt> wrote:
> 
> Hi NTP Security,
> 
> An HTTPS server on pool.ntp.org (173.255.206.154 - LINODE-US NET-173-255-192-0-1) appears to be serving a certificate with a CN of mail.nicholasmiller.me, which does not match the domain name of pool.ntp.org.
> 
> The certificate in question is issued by Let's Encrypt Authority X3 and has an SHA-1 fingerprint of 02 AC CC 86 C5 8D 2B 61 28 C8 A0 69 9F 95 8A 27 8F 03 76 46.
> 
> It's likely this is a misconfiguration and not a security issue IMO, but I wanted to bring it to your attention.
> 
> Best,
> --
> David Brown
> Portland, Oregon, USA
> 
> _______________________________________________
> security mailing list
> security at lists.ntp.org
> http://lists.ntp.org/listinfo/security



More information about the security mailing list