Verschlüsselte Verbindungen, ob imap, smtp, pop oder web sind nur solange sicher, wie verifiziert werden kann, dass sich der mit einem Zertifikat meldende Server tatsächlich unseren Erwartungen entspricht und nicht etwa ein ‘man-in-the-middle’ die vermeintlich verschluesselte Verbindung belauscht. Zu diesem Zweck gibt es nachfolgend eine Auflistung der von uns auf unseren Servern eingesetzten Zertifikate- und deren Fingerprints.

Überprüft es selbst:

Wenn Ihr unseren PGP-Key in Eurem Schlüsselring habt, könnt Ihr die PGP-Signatur unter der Zertifikatsliste einfach überprüfen:

curl --silent https://so36.net/basics/zertifikate | gpg

Die Fingerprints der einzelnen Server vergleicht Ihr dann, indem Ihr zum Beispiel in Eurem Browser auf das Vorhängeschloss in der Adressleiste klickt und dort “weitere Informationen” zum Zertifikat bzw. zur Netzwerkverbindung anfordert.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

[
  {
    "subject_CN": "rage.so36.net",
    "subjectAltName": "DNS:imap.mail36.net, DNS:imap.so36.net, DNS:mail.mail36.net, DNS:mail.so36.net, DNS:pop.mail36.net, DNS:pop.so36.net, DNS:pop3.mail36.net, DNS:pop3.so36.net, DNS:rage.so36.net, DNS:smtp.mail36.net, DNS:smtp.so36.net",
    "serial": "046FB5384BE43333847CCF41A2FCB8D899C6",
    "fingerprint_sha1": "196fed82a63b9c10f7e3c86e90d061b782e3a7c0",
    "fingerprint_sha256": "46edf0782e0fb5a47e39623460756e900a08d39ee9c57c4b2d3b09448a0dd721",
    "not_before": "2021-04-02 01:00:48 UTC",
    "not_after": "2021-07-01 01:00:48 UTC",
    "issuer_CN": "R3"
  },
  {
    "subject_CN": "webmail.so36.net",
    "subjectAltName": "DNS:webmail.so36.net",
    "serial": "04F9E85BA4CAF6D325F064F84530E601E3F2",
    "fingerprint_sha1": "eebb379565b3833d28b7eb484b77ac6b4786fd01",
    "fingerprint_sha256": "6a39a819a5e30a0f9f11a149d261b7f3742d7d1764b803d7842aaf2c0176ba4b",
    "not_before": "2021-03-17 01:59:18 UTC",
    "not_after": "2021-06-15 01:59:18 UTC",
    "issuer_CN": "R3"
  },
  {
    "subject_CN": "www.so36.net",
    "subjectAltName": "DNS:so36.net, DNS:www.so36.net",
    "serial": "04170A0C20024EB845E7069FF23E99B286BF",
    "fingerprint_sha1": "7933ef87be1d7c7c2caf3906ec9ea02b5a31e24d",
    "fingerprint_sha256": "b3888052737fcbcf7450fdb14471f37ca9165ba7164711537303080aafd881af",
    "not_before": "2021-03-12 03:25:45 UTC",
    "not_after": "2021-06-10 03:25:45 UTC",
    "issuer_CN": "R3"
  },
  {
    "subject_CN": "ftp.so36.net",
    "subjectAltName": "DNS:ftp.so36.net",
    "serial": "03EB38FF3F37287B1EE4AD2A9553DF1DD84B",
    "fingerprint_sha1": "dd11ad6c4ef3cba9075138e88dc7b18369ee9182",
    "fingerprint_sha256": "2a93a3c609fd8e31cf7ac4346ea8c6282842037bd542a6512fed8fb1cb56497b",
    "not_before": "2021-03-02 03:21:21 UTC",
    "not_after": "2021-05-31 03:21:21 UTC",
    "issuer_CN": "R3"
  },
  {
    "subject_CN": "openpgpkey.so36.net",
    "subjectAltName": "DNS:openpgpkey.so36.net",
    "serial": "04CCF2DC28ECE02622B684CFBCDDF56BE5CE",
    "fingerprint_sha1": "4c01eef667fa9bae7dc2f58ba3945153bb1adf0e",
    "fingerprint_sha256": "ff6bc6bfb918b56e94fa1abe1b76419b32b4660264deb77917d6fd450f1c8277",
    "not_before": "2021-03-15 03:21:43 UTC",
    "not_after": "2021-06-13 03:21:43 UTC",
    "issuer_CN": "R3"
  },
  {
    "subject_CN": "autoconfig.mail36.net",
    "subjectAltName": "DNS:autoconfig.mail36.net",
    "serial": "0325C7E93F172C332E4013D9A36D0CA0D4A7",
    "fingerprint_sha1": "f03bd28e4a8d9829b7a5fb26af104bae9882b428",
    "fingerprint_sha256": "fd09c2c1b9e3c195edf8d212d6d783abd7f2bc6fbc10634ea34795fc68854e9a",
    "not_before": "2021-03-05 03:24:45 UTC",
    "not_after": "2021-06-03 03:24:45 UTC",
    "issuer_CN": "R3"
  },
  {
    "subject_CN": "autoconfig.so36.net",
    "subjectAltName": "DNS:autoconfig.so36.net",
    "serial": "030CABF921D93592B27ED78CEB1767E0FF76",
    "fingerprint_sha1": "882b2a2e4201c889056fa752afc25b5178437c8e",
    "fingerprint_sha256": "27e6994a75f5a3ef4288a6f8562f9a012ac765b56c9589add89d15c8d60a7c8b",
    "not_before": "2021-03-17 03:21:19 UTC",
    "not_after": "2021-06-15 03:21:19 UTC",
    "issuer_CN": "R3"
  },
  {
    "subject_CN": "codecoop.org",
    "subjectAltName": "DNS:codecoop.org, DNS:git.codecoop.org",
    "serial": "04261E9B1E53E2BEAB9BF05B4895FE9D8BD6",
    "fingerprint_sha1": "c214233dc7873ad6d14926460070993d056e7c74",
    "fingerprint_sha256": "ad0509bc77c44346a8d1b43bc12398509db9f13a826ee626c99c5017d018f187",
    "not_before": "2021-04-04 02:28:33 UTC",
    "not_after": "2021-07-03 02:28:33 UTC",
    "issuer_CN": "R3"
  },
  {
    "subject_CN": "jabber.so36.net",
    "subjectAltName": "DNS:jabber.so36.net",
    "serial": "04FB8EDF1625669A194315B6C271471A093F",
    "fingerprint_sha1": "bc0c29ebaccc9654a8df976f1dfa901c432b602a",
    "fingerprint_sha256": "04342b241545d4f8b126bfc0382e6f967241eb2161c9d08154656717badd3b28",
    "not_before": "2021-04-06 22:21:12 UTC",
    "not_after": "2021-07-05 22:21:12 UTC",
    "issuer_CN": "R3"
  },
  {
    "subject_CN": "talk36.net",
    "subjectAltName": "DNS:talk36.net",
    "serial": "0355F95559754D64AB5350F1D82FF1181981",
    "fingerprint_sha1": "aa797ccc99472829eac55385952b31cf4b469b71",
    "fingerprint_sha256": "b69030df2eb71ca9d18d43731e52708fda7b12f2b6c8644286dd58e7af0841d9",
    "not_before": "2021-03-27 23:21:30 UTC",
    "not_after": "2021-06-25 23:21:30 UTC",
    "issuer_CN": "R3"
  },
  {
    "subject_CN": "lists36.net",
    "subjectAltName": "DNS:lists36.net",
    "serial": "037537B40B7F6B94DFF8E08E135DDD68E2CA",
    "fingerprint_sha1": "559c4d57e8b85d87408a9cf5a647f74c90d7acb4",
    "fingerprint_sha256": "db5d852eb4d51767f959fde394e7c17b18900007c690a2b250f1be09260bfd04",
    "not_before": "2021-04-09 02:21:25 UTC",
    "not_after": "2021-07-08 02:21:25 UTC",
    "issuer_CN": "R3"
  }
]
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSDoigSDlA4bE4QVE98SGyEXcMpawUCYH8VfwAKCRB8SGyEXcMp
a2o1AQDQSgEKbP65kWh3eNnuyiyk/ioUwlWMi9Bi/gpdGf33aAEA7iFI1ZguK3Dq
dNYZikExVU//znVIlG4cafuO73+x+As=
=+ahL
-----END PGP SIGNATURE-----