Here's a series of commands:

git clone https://git.eff.org/public/observatory.git
cd observatory

# get the server response for twitter.com
./scan/FasterCertificateGrabber.py twitter.com

# split it into component PEM certs
./inspect twitter.com.results
cd certs

# now try to verify it. Note that "allcerts" was a poorly chosen directory
# name. It should have been allCAs...
openssl verify -untrusted twitter.com.results_2.pem -CApath ../allcerts/ twitter.com.results_1.pem

# with openssl 0.9.8*, the above command will print
# twitter.com.results_1.pem: OK
#
# but with 1.0.1c, it gives:
# twitter.com.results_1.pem: C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)06, CN = VeriSign Class 3 Extended Validation SSL CA
# error 20 at 1 depth lookup:unable to get local issuer certificate

--
Peter