[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Intermediate Certificate problem
From: |
Simon Brown |
Subject: |
Intermediate Certificate problem |
Date: |
Mon, 05 Jul 2010 14:30:10 +0100 |
User-agent: |
Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (Gojō) APEL/10.8 Emacs/23.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) |
Hi,
I use the Wanderlust email client and the Debian packager, Tatsuya has
recently changed to using GNU TLS from OpenSSL. This has caused a
problem for me as an IMAP server I use seems to have a certificate
problem which either didn't exist before or was ignored by OpenSSL.
The instructions to help diagnose the problem given by Tatsuya the
packager are shown below with the output. The server's administrators
claim there is not a problem as Thunderbird on Win32 has no
problem. Thunderbird does not include the Educational certificate in
its root store
I have worked around the problem by adding the intermediate
certificate to my local store. I would none the less be very grateful
for any help in locating the cause of the problem.
Thanks
Simon
gnutls-cli --port 993 --x509cafile /etc/ssl/certs/ca-certificates.crt
imap.student.gla.ac.uk
Resolving 'imap.student.gla.ac.uk'...
Connecting to '130.209.14.155:993'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `C=GB,ST=Scotland,L=Glasgow,O=University of Glasgow,OU=IT
Services,CN=imap.gla.ac.uk', issuer `C=BE,O=Cybertrust,OU=Educational
CA,CN=Cybertrust Educational CA', RSA key 2048 bits, signed using RSA-SHA,
activated `2009-08-12 14:57:14 UTC', expires `2012-08-12 14:57:14 UTC', SHA-1
fingerprint `41655d6147b0ddaa75cfab94a8a80a4f43ab9091'
- Certificate[1] info:
- subject `C=BE,O=Cybertrust,OU=Educational CA,CN=Cybertrust Educational CA',
issuer `C=US,O=GTE Corporation,OU=GTE CyberTrust Solutions\, Inc.,CN=GTE
CyberTrust Global Root', RSA key 2048 bits, signed using RSA-SHA, activated
`2006-03-14 20:30:00 UTC', expires `2013-03-14 23:59:00 UTC', SHA-1 fingerprint
`60983654d7ec611d76c2cd5557ca47ad3930c9ca'
- The hostname in the certificate matches 'imap.student.gla.ac.uk'.
- Peer's certificate issuer is not a CA
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
*** Verifying server certificate failed...
- Intermediate Certificate problem,
Simon Brown <=