[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows



Running www.digicert.com through that tool shows the 2nd intermediate certificate that needs to be included.

-Pascal


On 1/4/2012 2:21 PM, Pascal wrote:
The tool at http://www.digicert.com/help/ does a good job of showing
what is going on with a web site's certs. Traditionally a website is
expected to send its own server cert and all intermediate certs, but not
the root cert. You can run www.google.com through that tool to see how
this looks. Running freenet.us.to through that tool shows how a site
including the root cert looks. Running www.torproject.org through there
shows that there are actually 2 intermediate certs required for the
server cert used, but only 1 of them is being included.

-Pascal


On 1/4/2012 2:10 PM, Ondrej Mikle wrote:
2. Since www.torproject.org does not send DigiCert root CA cert in
handshake, each browser builds yet another chain to root.

Though it might be helpful if www.torproject.org sent whole chain (up to
Digicert root).

Ondrej
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk