Gnupg SSL Cert Errors

April 5, 2015

You try to do one little thing… and it turns into a herd of yaks. We’ve got a serious yak problem around this here internet.

keys.gnupg.net uses an invalid security certificate...

No, it uses more than one. Lets elucidate.

keys.gnupg.net.         85040   IN      CNAME   pool.sks-keyservers.net.
pool.sks-keyservers.net. 60     IN      A       140.211.169.202
pool.sks-keyservers.net. 60     IN      A       173.79.12.47
pool.sks-keyservers.net. 60     IN      A       176.9.100.87
pool.sks-keyservers.net. 60     IN      A       192.146.137.11
pool.sks-keyservers.net. 60     IN      A       198.84.249.106
pool.sks-keyservers.net. 60     IN      A       211.155.92.83
pool.sks-keyservers.net. 60     IN      A       37.59.144.15
pool.sks-keyservers.net. 60     IN      A       46.229.47.134
pool.sks-keyservers.net. 60     IN      A       78.47.176.74
pool.sks-keyservers.net. 60     IN      A       130.83.63.25

140.211.169.202 uses an invalid security certificate. 
The certificate is only valid for the following names: 
*.fedoraproject.org, fedoraproject.org 
(Error code: ssl_error_bad_cert_domain)

173.79.12.47 uses an invalid security certificate. 
The certificate is only valid for the following names: 
keys.stueve.us, *.stueve.us, stueve.us, *.stueve.tv, stueve.tv 
(Error code: ssl_error_bad_cert_domain)

176.9.100.87 uses an invalid security certificate. 
The certificate is only valid for git.ccs-baumann.de
(Error code: ssl_error_bad_cert_domain)

192.146.137.11 uses an invalid security certificate. 
The certificate is not trusted because the issuer certificate is unknown. 
The certificate is only valid for the following names: 
hkps.pool.sks-keyservers.net, *.pool.sks-keyservers.net, pool.sks-keyservers.net, pgpkeys.co.uk 
The certificate expired on 03/09/2015 05:47 AM. The current time is 04/05/2015 03:40 PM. 
(Error code: sec_error_unknown_issuer)

Iceweasel can't establish a connection to the server at 198.84.249.106.

211.155.92.83 uses an invalid security certificate. 
The certificate is not trusted because the issuer certificate is unknown. 
The certificate is only valid for the following names: 
hkps.pool.sks-keyservers.net, *.pool.sks-keyservers.net, pool.sks-keyservers.net, pek1.sks.reimu.io 
(Error code: sec_error_unknown_issuer)

37.59.144.15 uses an invalid security certificate. 
The certificate is not trusted because the issuer certificate is unknown. 
The certificate is only valid for the following names: 
hkps.pool.sks-keyservers.net, *.pool.sks-keyservers.net, pool.sks-keyservers.net, pgpkeys.eu 
(Error code: sec_error_unknown_issuer)

46.229.47.134 uses an invalid security certificate. 
The certificate is only valid for the following names: 
2015.alpha-labs.net, alpha-labs.net, *.alpha-labs.net, *.mc.alpha-labs.net, static.domian.alpha-labs.net 
(Error code: ssl_error_bad_cert_domain)

78.47.176.74 uses an invalid security certificate. 
The certificate is not trusted because the issuer certificate is unknown. 
The certificate is only valid for the following names: 
hkps.pool.sks-keyservers.net, *.pool.sks-keyservers.net, pool.sks-keyservers.net, sks.openpgp-keyserver.de 
(Error code: sec_error_unknown_issuer)

The server at 130.83.63.25 is taking too long to respond.

Not one entry with a valid ssl cert; not ONE. Our yaks, they are very shaggy this season. We are bootstrapping the future on a house of cards masquerading as a jenga set, instead of a sturdy scaffold. The wonder of it is, it’s working.

Gnupg SSL Cert Errors - April 5, 2015 - Kim Reece