On 09/28/2014 02:09 AM, Michael Shuler wrote: > On 09/25/2014 04:14 AM, Emerick 'mz' Mounoury wrote: >> On 09/24/2014 09:25 PM, Michael Shuler wrote: >>> Do you have a test SSL site URL on your system to see the full trust >>> chain? There are 4 AddTrust root CAs in ca-certificates, so I'd like >>> to see the trust path to better understand your problem. Thanks! >>> >> >> First, thank you for your prompt answer ! >> >> Yes, sure, you can test our service using this test URL : >> https://simplehosting.mz23.in >> >> I check the SSL connection using openssl as is as we are using SNI : >> >> openssl s_client -connect simplehosting.mz23.in:443 -showcerts -CApath >> /etc/ssl/certs -servername simplehosting.mz23.in > > This appears to validate fine for me on the current version of > ca-certificates. Quick check attached. >
Yes, because we integrated in our own-made ca-certificates package installed on our SSL/X509 reverse proxy the cross-signed certificate (usertrust) between our intermediate (gandi ssl ca 2) and the root ca (addtrust). -- \o/ Emerick "mz" Mounoury Gandi.net Domain name registrar.. No Bullshit ™ Hosting for geeks... and more ! GPG : 76669398 - 079F 00DF 0FEA D0D2 1728 248E 0F15 B1F7 7666 9398
0x76669398.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
