Modify

Opened 7 years ago

Closed 7 years ago

Last modified 4 years ago

#9269 closed defect (fixed)

Webserver configuration is insufficient to allow for SSL certificate validation

Reported by: fercerpav@… Owned by: kaloz
Priority: normal Milestone: Barrier Breaker 14.07
Component: website Version: Trunk
Keywords: Cc:

Description

I noticed your server certificate is issued by a commonly trusted
authority but in some circumstances clients still have difficulties
validating it.

The reason for that is that your certificate is issued by
"CN = Starfield Secure Certification Authority"
which is an intermediate certificate authority (issued by "OU =
Starfield Class 2 Certification Authority"). Debian's ca-certificates package
(ver. 20090814+nmu2) comes with
"OU = Starfield Class 2 Certification Authority"
which is considered to be trusted.

To allow an SSL/TLS client to validate all the chain up to a trusted
root CA, it should have all the certificates in the chain. With Apache
it's usually done with "SSLCertificateChainFile" option.

Manual testing is possible with:
openssl s_client -connect dev.openwrt.org:443 -CApath /etc/ssl/certs/

Attachments (0)

Change History (3)

comment:1 Changed 7 years ago by jow

  • Owner set to kaloz
  • Status changed from new to assigned

comment:2 Changed 7 years ago by kaloz

  • Resolution set to fixed
  • Status changed from assigned to closed

should be fixed now

comment:3 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.