this post was submitted on 05 Jun 2026
12 points (100.0% liked)

Cybersecurity

10055 readers
50 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 3 years ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social
12
Why am I seeing this? How do I know if it is safe to accept? (sh.itjust.works)
submitted 1 day ago by pixeldaemon@sh.itjust.works to c/cybersecurity@sh.itjust.works
9 comments fedilink hide all child comments
 

This popped up in Conversations today and I'm concerned

all 10 comments
sorted by: hot top controversial new old
[–] exu@feditown.com 7 points 1 day ago (1 children)

Looks like the certificate expired. Whoever runs that service needs to renew it.

It's probably fine, but if you want to be absolutely safe you shouldn't continue. Just wait a bit and it'll probably be fixed

[–] pixeldaemon@sh.itjust.works 2 points 1 day ago* (last edited 1 day ago) (1 children)

I've checked the website of xmpp dot japan, it has totally different certificates rn. Like, it has Google Trust certificate while the popup shows Let's Encrypt and ISRG. Seems weird

[–] elmicha@feddit.org 2 points 1 day ago (1 children)

The website and the XMPP server can have different certificates.

[–] pixeldaemon@sh.itjust.works 1 points 1 day ago (2 children)

Popup says "valid for xmpp.jp and *.xmpp.jp"

[–] kungen@feddit.nu 10 points 1 day ago* (last edited 1 day ago)

It doesn't mean the website is using the same certificate. One can include as many domains as they want in a certificate, but nothing stops them from using something else.

But it's probable that they have some certificate renewal script that has reloaded the certificate on their website, but the service that you're connecting to still has the old certificate loaded.

Edit: yep, see https://bgp.he.net/certs#_SearchTab%3Fq=api.xmpp.jp , it looks like they did a renewal recently, but probably haven't reloaded their cert. So it'd probably be fine to accept it, or just wait a bit for them to realize and reload.

[–] elmicha@feddit.org 3 points 1 day ago

It would be valid if it would be served by the XMPP server, but it is not:

% openssl s_client -connect xmpp.jp:5222 </dev/null -starttls xmpp
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = E8
verify return:1
depth=0 CN = xmpp.jp
verify error:num=10:certificate has expired
notAfter=Jun  5 10:51:05 2026 GMT
verify return:1
depth=0 CN = xmpp.jp
notAfter=Jun  5 10:51:05 2026 GMT
verify return:1
***
Certificate chain
0 s:CN = xmpp.jp
i:C = US, O = Let's Encrypt, CN = E8
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384
v:NotBefore: Mar  7 10:51:06 2026 GMT; NotAfter: Jun  5 10:51:05 2026 GMT
...
[–] Jerry@feddit.online 5 points 1 day ago (2 children)

Both the client and the server machines must have reasonably accurate system clocks for an SSL/TLS handshake to succeed. Either your machine or their machine probably needs a time adjustment.

[–] pixeldaemon@sh.itjust.works 1 points 1 day ago (1 children)

The mine is configured to network time, but it is not syncing with my region, just the region having same offset from UTC (both have no DST anyway), may that cause any trouble?

[–] Jerry@feddit.online 4 points 1 day ago

If you're able to connect to other websites, then I doubt it's you.