Hi,
I've recently (noticed today) been getting SSL certificate errors from jabber.earth.li, apparently because the root of the chain isn't trusted. openssl says:
Verify return code: 20 (unable to get local issuer certificate)
Am I missing a certificate, or is something wrong with jabber.earth.li's?
Happy to run additional tests this end if that helps.
Regards,
Chris
On Tue, Apr 07, 2015 at 01:23:24PM +0100, Chris Emerson wrote:
I've recently (noticed today) been getting SSL certificate errors from jabber.earth.li, apparently because the root of the chain isn't trusted. openssl says:
Verify return code: 20 (unable to get local issuer certificate)Am I missing a certificate, or is something wrong with jabber.earth.li's?
Happy to run additional tests this end if that helps.
The certificate is signed by the CACert (https://www.cacert.org/) root certificate. It was renewed yesterday so it's possible if you accepted it manually previously you may need to do so again.
J.
On Tue, Apr 07, 2015 at 01:33:10PM +0100, Jonathan McDowell wrote:
On Tue, Apr 07, 2015 at 01:23:24PM +0100, Chris Emerson wrote:
I've recently (noticed today) been getting SSL certificate errors from jabber.earth.li, apparently because the root of the chain isn't trusted. openssl says:
Verify return code: 20 (unable to get local issuer certificate)Am I missing a certificate, or is something wrong with jabber.earth.li's?
Happy to run additional tests this end if that helps.
The certificate is signed by the CACert (https://www.cacert.org/) root certificate. It was renewed yesterday so it's possible if you accepted it manually previously you may need to do so again.
Also, it's worth bearing in mind that CAcert has been removed from the Debian certificate store from jessie onwards, which makes it less useful (in my mind, anyway) than it was.
Looking forward to https://letsencrypt.org/ ...
Cheers, Dominic.
-
Chris Emerson -
Dominic Hargreaves -
Jonathan McDowell