After install from Precise Proposed the problem was gone.
Verification done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1014640
Title:
12.04/openssl refusing some verisign certified sites
To mana
** Branch linked: lp:~ubuntu-branches/ubuntu/lucid/ca-certificates/lucid-proposed
** Branch linked: lp:~ubuntu-branches/ubuntu/precise/ca-certificates/precise-proposed
** Branch linked: lp:ubuntu/quantal-proposed/ca-certificates
** Branch linked: lp:ubuntu/saucy-proposed/ca-certificates
** Description changed:
Summary: SSL refuses to work with some https sites on both 12.04, 13.04,
13.10, for fresh and updated installations. It is an issue with
OpenSSL's handling of certificates..
- Fix: none yet, Openssl needs to be fixed upstream.
- http://rt.openssl.org/Ticket/Display
** Changed in: openssl (Ubuntu)
Status: Confirmed => Invalid
This bug was fixed in the package ca-certificates - 20130906ubuntu1
---
ca-certificates (20130906ubuntu1) trusty; urgency=low
* mozilla/certdata2pem.py: Work around openssl issue by shipping both
versions of the same signed roots. Previously, the script would simply
overwrit
** Branch linked: lp:ubuntu/trusty-proposed/ca-certificates
** Also affects: ca-certificates (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
- Summary: SSL refuses to work with some sites on both 12.04 and 13.04,
- for fresh and updated installations. No known workarounds, although
- running c_rehash may help in some scenarios.
+ Summary: SSL refuses to work with some https sites on both 12.04, 13.04,
+ 13.10, f
There seems to be a mismatch between the "VeriSign Class 3 Public
Primary Certification Authority - G5" cert that is in Ubuntu, and the
one that is at the end of the cert chain returned by www.postfinance.ch:
In Ubuntu:
VeriSign Class 3 Public Primary Certification Authority - G5
Serial Number: 1
Fix:
Verisign's 2009 ROOT certificate is missing, so download it and install
it.
1) Copy the Root CA from Symantec:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1556
2) Save to a file like verisign2009.crt in
"/usr/local/share/ca-certificates/"
$ su
** Description changed:
+ Summary: SSL refuses to work with some sites on both 12.04 and 13.04,
+ for fresh and updated installations. No known workarounds, although
+ running c_rehash may help in some scenarios.
+
+ Original post:
After upgrading a 10.04 server to 12.04, SSL refuses to work wi
** Changed in: openssl
Status: Unknown => Confirmed
** Bug watch added: OpenSSL RT #2732
http://rt.openssl.org/Ticket/Display.html?id=2732
** Also affects: openssl via
http://rt.openssl.org/Ticket/Display.html?id=2732
Importance: Unknown
Status: Unknown
This problem also affects installs of 13.04 here, upgraded and fresh
installations as far as I can see
"update-ca-certificates --fresh" or c_rehash does not fix the issue for
me.
Whereas your example with ev-root.digicert.com is ok, the other tests I
mentioned are not OK
wget https://postfinance.ch
--2013-06-10 15:36:43-- https://postfinance.ch/
Resolving postfinance.ch (postfinance.ch)... 194.4
This bug might have been caused by changes in bug #854927 which stopped
running "update-ca-certificates --fresh" on each install. So I'm
guessing this might only affect people who went from Oneiric > Precise.
ca-certificates (20110502+nmu1ubuntu2) oneiric; urgency=low
* Really only call --fresh
TLDR summary: run "c_rehash" as root to fix this issue.
I just ran into this issue (symptoms: "wget https://ev-root.digicert.com/",
"openssl s_client ev-root.digicert.com" would fail).
The problem is that the symbolic links that are supposed to exist in
/etc/ssl/certs aren't there. Running "c_r
Similar problem on one of my 12.04 32bit Desktop installations.
postfinance.ch and sagepay.com are OK but
Firefox reports sec_error_unknown_issuer for
https://www1.pole-emploi.fr
On another 12.04 32bit Desktop machine this site is fine.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openssl (Ubuntu)
Status: New => Confirmed
Any update on this issue? Testing now I'm still getting:
curl -v https://test.sagepay.com
* About to connect() to test.sagepay.com port 443 (#0)
* Trying 195.170.169.8... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake,
And the output from openssl on 12.04:
==
# openssl s_client -connect test.sagepay.com:443
CONNECTED(0003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c)
2006 VeriSign, Inc. - For authorized use only
There does appear to be an issue with 12.04.
From a 10.04 server:
=
# strace -o /tmp/foo.out curl -Iv https://test.sagepay.com
* About to connect() to test.sagepay.com port 443 (#0)
* Trying 195.170.169.8... connected
* Co
I found a fix:
copy Verisign_Class_3_Public_Primary_Certification_Authority.crt from a
lucid/10.04 system (in /usr/share/ca-certificates/mozilla)
Sounds a bit whacky, but invalid certs have been delivered with 12.04?
I did a diff, the changes between 10.04 and 12.04 in that directory for
veris