Security information about ict.siit.tu.ac.th Certificate for accessing https://ict.siit.tu.ac.th/ (including Moodle, SVN, ViewVC) ------------------------------------------------------------------------------------ As of 8 May 2015: ict.siit.tu.ac.th has a certicate signed by a widely available Certificate Authority, Comodo. A self-signed certificate is no longer used - if you see references to accepting the warning about the self-signed certificate then it means the instructions are out-of-date. You can ignore such instructions. The information below is left for historical purposes. As of 26 May 2014: Common Name: ict.siit.tu.ac.th Organization: Sirindhorn International Institute of Technology Organization Unit: School of ICT Issued on: 11 April 2014 Expires on: 11 April 2015 SHA1 Fingerprint=8E:A7:82:06:D3:3E:A1:D1:F2:A3:1C:98:74:C0:AA:9C:86:7C:4E:E5 MD5 Fingerprint=72:A0:DA:30:89:90:4D:3C:E9:E4:CE:32:74:74:81:65 This is a self-signed certificate. Certificate for accessing ict.siit.tu.ac.th via SSH: ------------------------------------------------------------------------------------ As of 26 May 2014: RSA: 62:2e:38:47:50:81:ba:14:4c:0d:c2:a9:f8:45:25:f5 DSA: e2:b7:c3:84:30:63:72:5d:12:8e:f6:6e:48:cc:1f:11 ECDSA: b2:b0:ce:68:05:62:9b:1d:45:a3:9d:b3:c3:7e:69:67 Security Issues ------------------------------------------------------------------------------------ As of 8 May 2015: t The security issues of using a self-signed certificate no longer apply. We now have a certificate signed by Comodo. The following is left only for historical purposes. The ICT website uses a self-signed certificate when accessed using HTTPS. Using HTTPS gives protection from casual attackers intercepting (eavesdropping) data, e.g. sent over a WiFi network. However the use of a self-signed certificate means a slightly more determined attacker could pretend to be the ICT server without you noticing, and subsequently intercept your data. The only way to prevent this to to check the SHA1 fingerprint in the certificate present to your browser against the SHA1 fingerprint listed above. They must be the same. I realise very few people will perform this check, so until a verified certificate (issued by a trusted Certificate Authority) is used for ICT (hopefully coming soon), the access to ict.siit.tu.ac.th is not very secure. For any queries about ICT, contact Steven Gordon in his office at Bangkadi or at steve@siit.tu.ac.th