[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#45358: bootstrap fails due to a certificate mismatch
From: |
Erik Auerswald |
Subject: |
bug#45358: bootstrap fails due to a certificate mismatch |
Date: |
Tue, 9 Mar 2021 11:35:58 +0100 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hi,
On Tue, Mar 09, 2021 at 11:28:18AM +0200, Grigoriy Sokolik wrote:
> I've rechecked:
I cannot reproduce the problem, the certificate is trusted by my system:
# via IPv4
$ gnutls-cli --verbose translationproject.org </dev/null | grep -E
'Connecting|Status'
Connecting to '80.69.83.146:443'...
- Status: The certificate is trusted.
# via IPv6
$ gnutls-cli --verbose translationproject.org </dev/null | grep -E
'Connecting|Status'
Connecting to '2a01:7c8:c037:6::20:443'...
- Status: The certificate is trusted.
It seems to me as if your system does not trust the used root CA.
> [...]issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.'[...]
On my Ubuntu 18.04 system, I find it via symlink from /etc/ssl/certs:
$ ls /etc/ssl/certs/DST_Root_CA_X3.pem -l
lrwxrwxrwx 1 root root 53 Mai 28 2018 /etc/ssl/certs/DST_Root_CA_X3.pem ->
/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
$ certtool --certificate-info <
/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt | grep Subject:
Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.
HTH,
Erik
--
[A]pplied cryptography mostly sucks.
-- Green's law of applied cryptography