[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows



Hi Andrew,
Thank you for taking a stab at this issue!  I just tried this now, and
it still doesn't work.  I don't remember precisely what the chain
looked, so I can't be sure I'm seeing anything different at all. I
restarted Chrome (but not Windows).  Both www.torproject.org and
trac.torproject.org show the same error.
The chain that I see now is:
*.torproject.org --> DigiCert High Assurance CA-3 --> DigiCert
(i've attached a screen shot of this.)

Thanks,
Greg

2012/1/4 Andrew Lewman <andrew@xxxxxxxxxxxxxx>:
> I think this is fixed for www.torproject.org now. Digicert apparently
> updated their ca chained certs at some point. I've put the updated
> ca-certs on the www servers. If this works, we can update them on all
> torproject servers.
>
> And for fun, I've attached the gnutls-cli output of the old cert in
> place and the new cert in place.
>
> tl;dr we went from:
> our cert -> DigiCert High Assurance CA-3
>
> to now:
> cert -> DigiCert High Assurance CA-3 -> DigiCert High Assurance EV Root
> CA
>
> I couldn't replicate the problem in Chromium, FF9, nor whatever version
> of android i have on an obsolete phone.
>
> --
> Andrew
> http://tpo.is/contact
> pgp 0x74ED336B
>
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk