Hello,
I have a similar issue, maybe the same one. Just visit
https://www.huk24.de/ and it tells you scary warnings about bad
self-signed certificate. But it's BS, the certificate works just fine in
Firefox/Iceweasel or Chromium and they all like it. Just Qupzilla
complains about self-signed certificate. OTOH Qupzilla is right (see
below, it is self-signed) but I wonder why others accept it... maybe
they were added to the root keyring of that browser but not to
qtwebkit's keyring?
Regards,
Eduard.
$ openssl s_client -connect www.huk24.de:443
CONNECTED(00000003)
depth=2 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust
Center, CN = T-TeleSec GlobalRoot Class 3
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/jurisdictionC=DE/businessCategory=Private Organization/serialNumber=HRB
100/jurisdictionL=Coburg/C=DE/ST=Bayern/L=Coburg/O=HUK-COBURG/OU=IB/CN=www.huk24.de
i:/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust
Center/ST=Nordrhein Westfalen/postalCode=57250/L=Netphen/street=Untere
Industriestr. 20/CN=TeleSec ServerPass Extended Validation Class 3 CA
1 s:/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust
Center/ST=Nordrhein Westfalen/postalCode=57250/L=Netphen/street=Untere
Industriestr. 20/CN=TeleSec ServerPass Extended Validation Class 3 CA
i:/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust
Center/CN=T-TeleSec GlobalRoot Class 3
2 s:/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust
Center/CN=T-TeleSec GlobalRoot Class 3
i:/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust
Center/CN=T-TeleSec GlobalRoot Class 3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHyTCCBrGgAwIBAgIIaRWylJdtXjIwDQYJKoZIhvcNAQELBQAwgfMxCzAJBgNV
BAYTAkRFMSUwIwYDVQQKDBxULVN5c3RlbXMgSW50ZXJuYXRpb25hbCBHbWJIMR8w
HQYDVQQLDBZULVN5c3RlbXMgVHJ1c3QgQ2VudGVyMRwwGgYDVQQIDBNOb3Jkcmhl
aW4gV2VzdGZhbGVuMQ4wDAYDVQQRDAU1NzI1MDEQMA4GA1UEBwwHTmV0cGhlbjEg
MB4GA1UECQwXVW50ZXJlIEluZHVzdHJpZXN0ci4gMjAxOjA4BgNVBAMMMVRlbGVT
ZWMgU2VydmVyUGFzcyBFeHRlbmRlZCBWYWxpZGF0aW9uIENsYXNzIDMgQ0EwHhcN
MTUwNjAyMTIzOTI2WhcNMTYwNjA3MjM1OTU5WjCBxzETMBEGCysGAQQBgjc8AgED
DAJERTEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUTB0hS
QiAxMDAxFzAVBgsrBgEEAYI3PAIBAQwGQ29idXJnMQswCQYDVQQGEwJERTEPMA0G
A1UECAwGQmF5ZXJuMQ8wDQYDVQQHDAZDb2J1cmcxEzARBgNVBAoMCkhVSy1DT0JV
UkcxCzAJBgNVBAsMAklCMRUwEwYDVQQDDAx3d3cuaHVrMjQuZGUwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFLUIU0cOczfTIScUXqOusRPYWfr8rpeiY
b2v21+uoP9cltYEfvrvdITswaG0JYBQGV3UXkuszVzVRQZM4ZbNfkxrA+jWjEDC/
XYpZ0W3GCISGuNORiF3TjzXGBPpU8GV4rmg35SCbOrvpyXaUwubbPs2QHk5FRVrc
CrhmAZR5+RACwLJz49O3G9EGbBws9TypmbMIM57GKlxqGABPkgg2DwtjLJI/sRy6
Ho+AEaim5zYSPiSAsf2Qh4RW6h1lo+scQtu0Cs1Ra+O0dexDC4AcTFEK/zkFghZC
SrZxzNxONstvs9rWxnc5BB45fstAzFacXyqJ+yaCasf8I7juYNSbAgMBAAGjggOJ
MIIDhTAfBgNVHSMEGDAWgBQwLNVP0gjRPeOngpKCN4ltZrkPrzAdBgNVHQ4EFgQU
jZtweNTKPp2ouZNHB+86/GuxWZkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG
CCsGAQUFBwMCBggrBgEFBQcDATBQBgNVHSAESTBHMEUGCisGAQQBvUcNGAEwNzA1
BggrBgEFBQcCARYpaHR0cDovL3d3dy50ZWxlc2VjLmRlL3NlcnZlcnBhc3MvY3Bz
Lmh0bWwwggEgBgNVHR8EggEXMIIBEzBDoEGgP4Y9aHR0cDovL2NybC5zZXJ2ZXJw
YXNzLnRlbGVzZWMuZGUvcmwvU2VydmVyUGFzc19FVl9DbGFzc18zLmNybDCBy6CB
yKCBxYaBwmxkYXA6Ly9sZGFwLnNlcnZlcnBhc3MudGVsZXNlYy5kZS9DTj1UZWxl
U2VjJTIwU2VydmVyUGFzcyUyMEV4dGVuZGVkJTIwVmFsaWRhdGlvbiUyMENsYXNz
JTIwMyUyMENBLE9VPVQtU3lzdGVtcyUyMFRydXN0JTIwQ2VudGVyLE89VC1TeXN0
ZW1zJTIwSW50ZXJuYXRpb25hbCUyMEdtYkgsQz1ERT9DZXJ0aWZpY2F0ZVJldm9j
YXRpb25MaXN0MIIBdQYIKwYBBQUHAQEEggFnMIIBYzAzBggrBgEFBQcwAYYnaHR0
cDovL29jc3Auc2VydmVycGFzcy50ZWxlc2VjLmRlL29jc3ByMGYGCCsGAQUFBzAC
hlpodHRwOi8vY3JsLnNlcnZlcnBhc3MudGVsZXNlYy5kZS9jcnQvVGVsZVNlY19T
ZXJ2ZXJQYXNzX0V4dGVuZGVkX1ZhbGlkYXRpb25fQ2xhc3NfM19DQS5jZXIwgcMG
CCsGAQUFBzAChoG2bGRhcDovL2xkYXAuc2VydmVycGFzcy50ZWxlc2VjLmRlL0NO
PVRlbGVTZWMlMjBTZXJ2ZXJQYXNzJTIwRXh0ZW5kZWQlMjBWYWxpZGF0aW9uJTIw
Q2xhc3MlMjAzJTIwQ0EsT1U9VC1TeXN0ZW1zJTIwVHJ1c3QlMjBDZW50ZXIsTz1U
LVN5c3RlbXMlMjBJbnRlcm5hdGlvbmFsJTIwR21iSCxDPURFP2NBQ2VydGlmaWNh
dGUwDAYDVR0TAQH/BAIwADAXBgNVHREEEDAOggx3d3cuaHVrMjQuZGUwDQYJKoZI
hvcNAQELBQADggEBAKwNzczqkKC0YEYACLpSOLF0DAu9vO/HeGGCq8Nj/KluTlTj
dt1VE0TyCDe4xUg+rMHnJ9GLkQSmXxl6BSv5kvZpDqPCIWCwyeWmehJmKzLfNy8v
tMTb+r7w+s1l4S/LpUKXvHlwXSwB2xdF68KHGrltatMri1Ka8p4E5MF7W6s02BGz
/DcEWs1MHa5qepip284YW3vPSULF7c4It/9ZMZCFOQTh1nD4Q7Z3/X0RfqtaEO6p
da9T20/XJzqv0xbpWuL2Immsn6/d1NDrso8eUaFPhyM0d1ybYxq8/FgSta/Xsabe
RkuCdlcK5E//xSDv1uVONmr30Ty+ot/0eR4n93k=
-----END CERTIFICATE-----
subject=/jurisdictionC=DE/businessCategory=Private
Organization/serialNumber=HRB
100/jurisdictionL=Coburg/C=DE/ST=Bayern/L=Coburg/O=HUK-COBURG/OU=IB/CN=www.huk24.de
issuer=/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust
Center/ST=Nordrhein Westfalen/postalCode=57250/L=Netphen/street=Untere
Industriestr. 20/CN=TeleSec ServerPass Extended Validation Class 3 CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 5343 bytes and written 505 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: 1A85E8DAB16F84F1BC61404ABF7B918330F0D610DC6A744F0392FD9C1647BFFD
Session-ID-ctx:
Master-Key:
437021EA214B2D6859978410DA30AB06C0FA82E06150A785666180A9DC213FA6BEDF49AFA803BB80F905807946B27CAC
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 30 4e 4b f6 9f 35 49 e2-e3 09 76 ea 1c b6 ce 64 0NK..5I...v....d
0010 - 8c 90 aa bc 12 e9 f2 87-15 7c e5 c8 11 3e 02 b7 .........|...>..
0020 - 40 69 37 26 f4 91 37 0c-93 9c f5 43 6b 69 29 fa @i7&..7....Cki).
0030 - 27 4d 67 27 2b 36 8e 06-35 cf 0e 58 8d d2 37 fa 'Mg'+6..5..X..7.
0040 - 44 ea cf 7b a0 06 cb ba-aa d0 80 68 53 8b 39 79 D..{.......hS.9y
0050 - c4 cf de 5c aa d2 7c f6-15 e1 71 34 37 a9 10 37 ...\..|...q47..7
0060 - 38 74 79 ff 63 f5 ec 25-4a 7f fd 63 05 9e e1 00 8ty.c..%J..c....
0070 - 2b 2a f8 ba bd bc 20 a9-ba bf dc 4e 3f 45 fa 2b +*.... ....N?E.+
0080 - ec 05 01 45 bb f4 ec 12-8e f7 48 a0 8b 15 3d 3d ...E......H...==
0090 - 2c dd 4f 92 49 a2 88 42-66 6f a9 96 09 c8 fc 97 ,.O.I..Bfo......
00a0 - dd 57 62 ab cf d0 f9 0c-ef 6c 4f 2a 7f 19 76 fd .Wb......lO*..v.
00b0 - a6 53 6c 83 c6 3e 95 16-fe fe 76 5d 82 de 7e 42 .Sl..>....v]..~B
Start Time: 1449000855
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
