I've stumbled on this problem myself, and I might have a clue as to what
the problem is. The certificate chain sent by help.ubuntu.com:443 is in
the wrong order:

$ openssl s_client  -CApath /etc/ssl/certs/ -connect help.ubuntu.com:443
CONNECTED(00000003)
depth=2 /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/O=*.ubuntu.com/OU=Domain Control Validated/CN=*.ubuntu.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
 1 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailaddress=i...@valicert.com
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
---

The last two certificates are in the wrong order. Certificate 0 has
certificate 2 as issuer, but "Each following certificate MUST directly
certify the one preceding it" (RFC 5246).

Another problem with the certificate that very pedantic X.509
implementations will find is that the certificate for *.ubuntu.com uses
a PrintableString to represent the string "*.ubuntu.com", but the
PrintableString alphabet does not include the character "*". This can be
checked by converting the certificate to DER format and running
dumpasn1:

 338    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 343   12:           PrintableString '*.ubuntu.com'
         :             Error: PrintableString contains illegal character(s).

-- 
Official Ubuntu Documentation wiki pages Inaccessible from Android
https://bugs.launchpad.net/bugs/566728
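
The ordering rule quoted in the message above can be checked mechanically from an s_client "Certificate chain" listing. The Python below is an added example, not part of the original message; its function names are illustrative, and it compares subject and issuer names only (it does not verify signatures).

```python
import re

# Chain listing copied from the s_client output in the message above
# (long lines unwrapped; the truncated e-mail address is left as it appears).
SAMPLE = """\
Certificate chain
 0 s:/O=*.ubuntu.com/OU=Domain Control Validated/CN=*.ubuntu.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
 1 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailaddress=i...@valicert.com
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
---
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        m = re.match(r"\s*\d+ s:(.*)$", line)
        if m:
            subject = m.group(1).strip()
            continue
        m = re.match(r"\s+i:(.*)$", line)
        if m and subject is not None:
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def order_violations(chain):
    """Indexes n where certificate n is not the named issuer of certificate n-1."""
    return [n for n in range(1, len(chain)) if chain[n][0] != chain[n - 1][1]]

def reorder(chain):
    """Order the server should send: leaf first, then follow issuer names upward."""
    by_subject = {subj: idx for idx, (subj, _) in enumerate(chain)}
    order, issuer = [0], chain[0][1]
    # Stop at an issuer that was not sent, or at a self-signed certificate.
    while issuer in by_subject and by_subject[issuer] not in order:
        order.append(by_subject[issuer])
        issuer = chain[by_subject[issuer]][1]
    return order

if __name__ == "__main__":
    sent = parse_chain(SAMPLE)
    print("out-of-order positions:", order_violations(sent))
    print("order to send instead:", reorder(sent))
```
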