https://www.ssllabs.com/ssltest/analyze.html?d=savannah.gnu.org
Looks like "USERTrust RSA Certification Authority" root CA cert is missing from the ca-certificates store of fencepost. Not sure when it was added to browser's root store, but might be a good idea to send it along with the entire certificate chain for now. Better yet, update fencepost's ca-certificates. Aside from that, it would be nice if savannah's SSL/TLS config was updated to enable better cipher suite choices and newer protocols. See https://wiki.mozilla.org/Security/Server_Side_TLS for some examples on how to do this. ~reed On Mon, Mar 9, 2015 at 11:46 AM, Ineiev <ine...@gnu.org> wrote: > On Mon, Mar 02, 2015 at 10:15:31PM +0000, Bob Proulx wrote: > > The https SSL certificates for the Savannah web site have been updated. > > It looks like this disabled some of my cron jobs on fencepost.gnu.org; > it used to wget https://...savannah.gnu.org/...; now it says > ERROR: cannot verify savannah.gnu.org's certificate, issued by > `/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2': > Unable to locally verify the issuer's authority. > > Probably I should file a request to sysadmin, or configure > something in ~/. > > Any ideas? > >
