[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] WebDAV SSL certificate verify failed
From: |
Richard McGraw |
Subject: |
Re: [Duplicity-talk] WebDAV SSL certificate verify failed |
Date: |
Tue, 23 Feb 2016 23:16:50 +0100 |
On Tue, 23 Feb 2016 16:39:06 +0100
address@hidden wrote:
> On 07.02.2016 19:30, Richard wrote:
> > On Sun, Feb 7, 2016 at 10:46 AM, <address@hidden> wrote:
> >
> >> well, looks like _your_ cacert.pem is wrong/corrupt. can you send
> >> it to me? ..ede
> >
> >
> >
> > Here it is (compressed).
> >
>
> hey Rich,
>
> tried yours which is identical w/ the one still hosted on
> https://curl.haxx.se/docs/caextract.html .
>
> result was
>
> Certificate: C=DE,ST=Berlin,L=Berlin,O=Strato
> AG,OU=Rechenzentrum,CN=*.webdav.hidrive.strato.com Issued by:
> C=US,O=thawte\, Inc.,CN=thawte SSL CA - G2 Checking against:
> C=US,O=thawte\, Inc.,CN=thawte SSL CA - G2 Trusted
> Certificate: C=US,O=thawte\, Inc.,CN=thawte SSL CA - G2
> Issued by: C=US,O=thawte\, Inc.,OU=Certification Services
> Division,OU=(c) 2006 thawte\, Inc. - For authorized use
> only,CN=thawte Primary Root CA Checking against: C=US,O=thawte\,
> Inc.,OU=Certification Services Division,OU=(c) 2006 thawte\, Inc. -
> For authorized use only,CN=thawte Primary Root CA Trusted
> Certificate: C=US,O=thawte\, Inc.,OU=Certification Services
> Division,OU=(c) 2006 thawte\, Inc. - For authorized use
> only,CN=thawte Primary Root CA Issued by: C=ZA,ST=Western Cape,L=Cape
> Town,O=Thawte Consulting cc,OU=Certification Services
> Division,CN=Thawte Premium Server CA,address@hidden
> ERROR: Certificate verification: Not trusted
>
> then i compared mine to yours and saw that yours missed certs for
> "Thawte Premium Server CA" and "Thawte Server CA"
>
> looks like mozilla removed these certs using 1024bit rsa
>
> https://blog.mozilla.org/security/2015/01/28/phase-2-phasing-out-certificates-with-1024-bit-rsa-keys/
>
> i added the two in the attached test.pem . using it w/
> --ssl-cacert-file works.
>
Thank you.
It works for me too.
> however:
>
> visiting
> https://inkohliso.webdav.hidrive.strato.com/
> w/ an uptodate firefox however works fine and show a cert chain
> ending at thawte Primary Root CA
> and not the obsolete
> Thawte Premium Server CA
> .
> maybe it depends on the version of ssl as well to support the "new",
> more secure certificates. not sure.
>
I don't know either.
> that's all folks.. ede
>
>
- Re: [Duplicity-talk] WebDAV SSL certificate verify failed, Richard McGraw, 2016/02/03
- Re: [Duplicity-talk] WebDAV SSL certificate verify failed, edgar . soldin, 2016/02/03
- Re: [Duplicity-talk] WebDAV SSL certificate verify failed, edgar . soldin, 2016/02/03
- Message not available
- Message not available
- Message not available
- Re: [Duplicity-talk] WebDAV SSL certificate verify failed, edgar . soldin, 2016/02/04
- Re: [Duplicity-talk] WebDAV SSL certificate verify failed, Richard McGraw, 2016/02/04
- Re: [Duplicity-talk] WebDAV SSL certificate verify failed, edgar . soldin, 2016/02/07
- Re: [Duplicity-talk] WebDAV SSL certificate verify failed, Richard, 2016/02/07
- Re: [Duplicity-talk] WebDAV SSL certificate verify failed, edgar . soldin, 2016/02/23
- Re: [Duplicity-talk] WebDAV SSL certificate verify failed,
Richard McGraw <=
Re: [Duplicity-talk] WebDAV SSL certificate verify failed, Richard McGraw, 2016/02/03