[ntp:security] Incorrect HTTPS Certificate CN on pool.ntp.org:443

David Brown dave at scri.pt
Fri Jul 27 16:36:23 UTC 2018


Hi NTP Security,

An HTTPS server on pool.ntp.org (173.255.206.154 - LINODE-US NET-173-255-192-0-1) appears to be serving a certificate with a CN of mail.nicholasmiller.me, which does not match the domain name of pool.ntp.org.

The certificate in question is issued by Let's Encrypt Authority X3 and has an SHA-1 fingerprint of 02 AC CC 86 C5 8D 2B 61 28 C8 A0 69 9F 95 8A 27 8F 03 76 46.

It's likely this is a misconfiguration and not a security issue IMO, but I wanted to bring it to your attention.

Best,
--
David Brown
Portland, Oregon, USA



More information about the security mailing list