Re: NSM certificate prompt

[Michael Albinus]

Eli Zaretskii <address@hidden> writes:

> If I use eww to connect to www.google.com and then click on the "Sign
> in" link, I get the following buffer displayed to me by the NSM:
>
>   Certificate information
>   Issued by:          Google Internet Authority G2
>   Issued to:          Google Inc
>   Hostname:           accounts.google.com
>   Public key:         RSA, signature: RSA-SHA1
>   Protocol:           TLS1.2, key: ECDHE-RSA, cipher: AES-128-GCM, mac: AEAD
>   Security level:     Medium
>   Valid:              From 2014-12-03 to 2015-03-03
>
>
>   The TLS connection to accounts.google.com:443 is insecure for the
>   following reasons:
>
>   certificate signer was not found (self-signed)
>   certificate could not be verified
>
> This is in Emacs 25.0.50 built with GnuTLS 3.3.11 on MS-Windows.
> Other Web browsers on this system don't have any trouble displaying
> that page.  Do others see this on other systems?  Is my system/Emacs
> somehow misconfigured wrt certificates?

"Other Web browsers" carry builtin certificates. For example if you use
Firefox, click on the lock icon heading the url. Click on "More
Information". Click on "View Certificate". In the "Details" tab, you'll
see that "Google Internet Authority G2" is signed by "GeoTrust Global
CA", which is signed by "Equifax Secure CA". The latter one is a builtin
certificate Firefox knows about, so it is a valid certificate chain.

> TIA

Best regards, Michael.