"update-ca-certificates --fresh" or c_rehash does not fix the issue for me.
Whereas your example with ev-root.digicert.com is ok, the other tests I mentioned are not OK wget https://postfinance.ch --2013-06-10 15:36:43-- https://postfinance.ch/ Resolving postfinance.ch (postfinance.ch)... 194.41.226.14 Connecting to postfinance.ch (postfinance.ch)|194.41.226.14|:443... connected. ERROR: cannot verify postfinance.ch's certificate, issued by `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA': Unable to locally verify the issuer's authority. wget https://cs.directnet.com --2013-06-10 15:38:17-- https://cs.directnet.com/ Resolving cs.directnet.com (cs.directnet.com)... 198.240.216.7 Connecting to cs.directnet.com (cs.directnet.com)|198.240.216.7|:443... connected. ERROR: cannot verify cs.directnet.com's certificate, issued by `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA': Unable to locally verify the issuer's authority. I'm not sure what systems I tested this on when reporting a year ago, but looking again now, its Ubuntu server 12.04, and most of my servers are upgraded from previous releases. Some are 32 bit, some 64 bit. Next, went to a Ubuntu 12.04 system that was installed a month ago (i.e. no upgrades), - "wget https://cs.directnet.com"; also gives the above error - and running "update-ca-certificates --fresh" or c_rehash does not change the result. - running "curl -v https://test.sagepay.com"; (Kevins case) fails too, as does "https://www1.pole-emploi.fr"; Finally also did an "apt-get update && apt-get upgrade" incase there were some patches that might be relevant. No difference though. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1014640 Title: 12.04/openssl refusing some verisign certified sites To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1014640/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
