Re: NSM certificate prompt

[Eli Zaretskii]

> From: Michael Albinus <address@hidden>
> Date: Sat, 13 Dec 2014 16:27:32 +0100
> Cc: address@hidden
> 
> "Other Web browsers" carry builtin certificates. For example if you use
> Firefox, click on the lock icon heading the url. Click on "More
> Information". Click on "View Certificate". In the "Details" tab, you'll
> see that "Google Internet Authority G2" is signed by "GeoTrust Global
> CA", which is signed by "Equifax Secure CA". The latter one is a builtin
> certificate Firefox knows about, so it is a valid certificate chain.

If I do the same for savannah.gnu.org in IE, it shows the following
certification path:

   UTN-USERFirst-Hardware
    Gandi Standard SSL CA
     savannah.gnu.org

Emacs's eww prompts me about https://savannah.gnu.org and shows me
this information about its certificate:

  Certificate information
  Issued by:          Gandi Standard SSL CA
  Issued to:          Domain Control Validated
  Hostname:           savannah.gnu.org
  Public key:         RSA, signature: RSA-SHA1
  Protocol:           TLS1.0, key: RSA, cipher: AES-128-CBC, mac: SHA1
  Security level:     Medium
  Valid:              From 2014-03-05 to 2015-03-05


  The TLS connection to savannah.gnu.org:443 is insecure for the
  following reasons:

  certificate signer was not found (self-signed)
  certificate could not be verified

which also talks about Gandi Standard SSL CA.  So I wonder why GnuTLS
isn't happy with this, while MS IE is.  Am I missing something?

(Please be gentle: I know nothing about Internet security and
certificates.)