South African Post Office website security certificate problems

TFA said:
“The certificates are issued by the SA Post Office’s Trust Centre, which is accredited by the South African Accreditation Authority, in terms of the Electronic Communications and Transactions Act 25 of 2002,” said Mncwabe.

Oh ye gods, the Post Office is now trying to be a root CA as well.

I sincerely hope that the browser and operating system vendors tell them exactly where to shove it.
 
It's been this way for ages, I'm pretty sure we were laughing about this at work over a year ago.
 
What a shoddy article and write-up. SAPO very well manages their own certs and at some point in time seems to have been a valid CA - their certs are here: https://www.trustcentre.co.za/links.php

There is also a KPMG validation here - https://cert.webtrust.org/SealFile?seal=1739&file=pdf

It is troublesome to see that the certs are SHA1 (deprecated) and all points to server misconfiguration and possibly revocation of the root CA. I am surprised that the reporter could not ask the appropriate questions to get an explanation.

FWIW - SAPO is also listed on Microsoft's Trusted Root CA list - http://social.technet.microsoft.com...ficate-program-participants-v-2016-april.aspx

I guess someone will issue an apology/retraction soon :whistle:

(At the Microsoft admins - you should be able to verify this via certutil -generateSSTFromWU CAroots.sst)


On a side note: I never knew this (https://www.trustcentre.co.za/legal.php) - it's a pity that the peeps at the top of SAPO did not utilise their CA function better - i.e. outside of government.
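
The check suggested in the post above (certutil -generateSSTFromWU), written out as a PowerShell script that also reports each matching root's signature algorithm and expiry. This is an added example, not part of the original thread; the subject search string and the output path are assumptions to adjust.

```powershell
# Added example: look for a CA in the trusted-root list published via Windows Update.
param(
    # Assumed search string; replace with text from the CA's actual subject name.
    [string]$SubjectPattern = 'Post Office',
    # Assumed output location for the downloaded store file.
    [string]$SstPath = (Join-Path $env:TEMP 'CAroots.sst')
)

# Download the current trusted root list (the command quoted in the post).
certutil.exe -generateSSTFromWU $SstPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }

# An .sst file is a serialized certificate store. Import() only reads it into
# memory; nothing is installed into the machine's certificate stores.
$roots = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$roots.Import($SstPath)

$found = $roots | Where-Object { $_.Subject -like "*$SubjectPattern*" }
if (-not $found) {
    Write-Output "No root matching '$SubjectPattern' among $($roots.Count) certificates."
    return
}

# Report the fields relevant to the thread: who, which algorithm, still valid?
$found | ForEach-Object {
    [pscustomobject]@{
        Subject            = $_.Subject
        Thumbprint         = $_.Thumbprint
        NotAfter           = $_.NotAfter
        SignatureAlgorithm = $_.SignatureAlgorithm.FriendlyName
        UsesSha1           = $_.SignatureAlgorithm.FriendlyName -match 'sha1'
        Expired            = $_.NotAfter -lt (Get-Date)
    }
} | Format-List
```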
 