
Re: [Duplicity-talk] WebDAV SSL certificate verify failed


From: edgar . soldin
Subject: Re: [Duplicity-talk] WebDAV SSL certificate verify failed
Date: Tue, 23 Feb 2016 16:39:06 +0100
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.1

On 07.02.2016 19:30, Richard wrote:
> On Sun, Feb 7, 2016 at 10:46 AM, <address@hidden> wrote:
> 
>> well, looks like _your_ cacert.pem is wrong/corrupt. can you send it to
>> me? ..ede
> 
> 
> 
> Here it is (compressed).
> 

hey Rich,

tried yours which is identical w/ the one still hosted on 
https://curl.haxx.se/docs/caextract.html .

result was

Certificate: C=DE,ST=Berlin,L=Berlin,O=Strato AG,OU=Rechenzentrum,CN=*.webdav.hidrive.strato.com
 Issued by:        C=US,O=thawte\, Inc.,CN=thawte SSL CA - G2
 Checking against: C=US,O=thawte\, Inc.,CN=thawte SSL CA - G2
  Trusted
Certificate: C=US,O=thawte\, Inc.,CN=thawte SSL CA - G2
 Issued by:        C=US,O=thawte\, Inc.,OU=Certification Services Division,OU=(c) 2006 thawte\, Inc. - For authorized use only,CN=thawte Primary Root CA
 Checking against: C=US,O=thawte\, Inc.,OU=Certification Services Division,OU=(c) 2006 thawte\, Inc. - For authorized use only,CN=thawte Primary Root CA
  Trusted
Certificate: C=US,O=thawte\, Inc.,OU=Certification Services Division,OU=(c) 2006 thawte\, Inc. - For authorized use only,CN=thawte Primary Root CA
 Issued by: C=ZA,ST=Western Cape,L=Cape Town,O=Thawte Consulting cc,OU=Certification Services Division,CN=Thawte Premium Server CA,address@hidden
ERROR: Certificate verification: Not trusted

then i compared mine to yours and saw that yours missed certs for "Thawte 
Premium Server CA" and "Thawte Server CA"

looks like mozilla removed these certs using 1024bit rsa
 
https://blog.mozilla.org/security/2015/01/28/phase-2-phasing-out-certificates-with-1024-bit-rsa-keys/

i added the two in the attached test.pem . using it w/ --ssl-cacert-file works.

however:

visiting
 https://inkohliso.webdav.hidrive.strato.com/
w/ an up-to-date firefox however works fine and shows a cert chain ending at
 thawte Primary Root CA
and not the obsolete
 Thawte Premium Server CA
.
maybe it depends on the version of ssl as well to support the "new", more 
secure certificates. not sure.

that's all folks.. ede

 

Attachment: test.pem
Description: Text document
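
Added example, not part of the original message and not duplicity's code: a simplified Python model of two path-building strategies that reproduces the three results reported above. It assumes (the thread does not confirm this) that the failing verifier follows the whole server-sent chain before consulting the CA file, that Firefox stops at the first trusted name, and that the downloaded bundle still contains thawte Primary Root CA; names are shortened to their CN.

```python
# Simplified model of certificate path building (added example). Certificates are
# (subject, issuer) pairs; no signatures, dates or key sizes are checked.
LEAF = "CN=*.webdav.hidrive.strato.com"
G2 = "CN=thawte SSL CA - G2"
PRIMARY = "CN=thawte Primary Root CA"
PREMIUM = "CN=Thawte Premium Server CA"

# Chain as listed in the output above. The last entry is a cross-certificate:
# the primary root's name, issued by the 1024-bit root Mozilla removed.
SERVER_CHAIN = [(LEAF, G2), (G2, PRIMARY), (PRIMARY, PREMIUM)]

# Assumption: the downloaded bundle still holds the primary root.
DOWNLOADED_BUNDLE = {PRIMARY}
# test.pem from the message: the same bundle plus the two removed roots.
TEST_PEM = DOWNLOADED_BUNDLE | {PREMIUM, "CN=Thawte Server CA"}

def verify_chain_first(chain, anchors):
    """Follow every certificate the server sent; consult anchors only for the last issuer."""
    for (subject, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return False, subject  # chain is out of order or incomplete
    last_issuer = chain[-1][1]
    return last_issuer in anchors, last_issuer

def verify_trusted_first(chain, anchors):
    """Stop as soon as a name on the path is a trust anchor."""
    issuer_of = dict(chain)
    current, seen = chain[0][0], set()
    while current not in seen:
        seen.add(current)
        if current in anchors:
            return True, current
        if current not in issuer_of:
            return False, current  # ran out of certificates without reaching an anchor
        current = issuer_of[current]
    return False, current  # loop in the issuer names

def compare():
    return {
        "chain-first, downloaded bundle": verify_chain_first(SERVER_CHAIN, DOWNLOADED_BUNDLE),
        "chain-first, test.pem": verify_chain_first(SERVER_CHAIN, TEST_PEM),
        "trusted-first, downloaded bundle": verify_trusted_first(SERVER_CHAIN, DOWNLOADED_BUNDLE),
    }

if __name__ == "__main__":
    for case, (trusted, stopped_at) in compare().items():
        print(f"{case}: {'Trusted' if trusted else 'Not trusted'} (stopped at {stopped_at})")
```

In this model the chain-first verifier passes only when the removed 1024-bit root is trusted again, which is what test.pem does, while the trusted-first verifier never needs it.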

