duplicity-talk
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] WebDAV SSL certificate verify failed


From: Richard McGraw
Subject: Re: [Duplicity-talk] WebDAV SSL certificate verify failed
Date: Tue, 23 Feb 2016 23:16:50 +0100

On Tue, 23 Feb 2016 16:39:06 +0100
address@hidden wrote:

> On 07.02.2016 19:30, Richard wrote:
> > On Sun, Feb 7, 2016 at 10:46 AM, <address@hidden> wrote:
> > 
> >> well, looks like _your_ cacert.pem is wrong/corrupt. can you send
> >> it to me? ..ede
> > 
> > 
> > 
> > Here it is (compressed).
> > 
> 
> hey Rich,
> 
> tried yours which is identical w/ the one still hosted on
> https://curl.haxx.se/docs/caextract.html .
> 
> result was
> 
> Certificate: C=DE,ST=Berlin,L=Berlin,O=Strato
> AG,OU=Rechenzentrum,CN=*.webdav.hidrive.strato.com Issued by:
> C=US,O=thawte\, Inc.,CN=thawte SSL CA - G2 Checking against:
> C=US,O=thawte\, Inc.,CN=thawte SSL CA - G2 Trusted
> Certificate: C=US,O=thawte\, Inc.,CN=thawte SSL CA - G2
>  Issued by:        C=US,O=thawte\, Inc.,OU=Certification Services
> Division,OU=(c) 2006 thawte\, Inc. - For authorized use
> only,CN=thawte Primary Root CA Checking against: C=US,O=thawte\,
> Inc.,OU=Certification Services Division,OU=(c) 2006 thawte\, Inc. -
> For authorized use only,CN=thawte Primary Root CA Trusted
> Certificate: C=US,O=thawte\, Inc.,OU=Certification Services
> Division,OU=(c) 2006 thawte\, Inc. - For authorized use
> only,CN=thawte Primary Root CA Issued by: C=ZA,ST=Western Cape,L=Cape
> Town,O=Thawte Consulting cc,OU=Certification Services
> Division,CN=Thawte Premium Server CA,address@hidden
> ERROR: Certificate verification: Not trusted
> 
> then i compared mine to yours and saw that yours missed certs for
> "Thawte Premium Server CA" and "Thawte Server CA"
> 
> looks like mozilla removed these certs using 1024bit rsa
>  
> https://blog.mozilla.org/security/2015/01/28/phase-2-phasing-out-certificates-with-1024-bit-rsa-keys/
> 
> i added the two in the attached test.pem . using it w/
> --ssl-cacert-file works.
> 

Thank you.
It works for me too.

> however:
> 
> visiting
>  https://inkohliso.webdav.hidrive.strato.com/
> w/ an uptodate firefox however works fine and show a cert chain
> ending at thawte Primary Root CA
> and not the obsolete
>  Thawte Premium Server CA
> .
> maybe it depends on the version of ssl as well to support the "new",
> more secure certificates. not sure.
> 

I don't know either.

> that's all folks.. ede
> 
>  




reply via email to

[Prev in Thread] Current Thread [Next in Thread]