[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: curl server certificate verification failed for a few sites
From: |
Tobias Geerinckx-Rice |
Subject: |
Re: curl server certificate verification failed for a few sites |
Date: |
Thu, 04 Jun 2020 18:43:10 +0200 |
Giovanni Biscuolo 写道:
Jack Hill <jackhill@jackhill.us> writes:
The error wget gives is a little bit better,
FWIW, I use this (extremely verbose) command to debug/check my own
servers:
$ openssl s_client -showcerts -servername
voices.transparency.org \
-connect voices.transparency.org:443
Therefore, I think the fix is for voices.transparency.org to
update the
certificate chain/bundle that they are sending.
They're also sending intermediate certificates that they shouldn't
be sending in the first place[0] which doesn't help matters. I
agree that this looks like an outdated server (mis)configuration.
Yes. All modern clients and operating systems have the newer,
modern
COMODO and USERTrust roots which don’t expire until 2038.
Right, but ‘modern’ there means ~2015.
Kind regards,
T G-R
[0]:
https://www.ssllabs.com/ssltest/analyze.html?d=voices.transparency.org&s=52.4.38.70&hideResults=on
signature.asc
Description: PGP signature