-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/11/09 5:27 AM, Peter Saint-Andre wrote: > On 11/10/09 10:55 PM, Zachary West wrote: >> Is the certificate chain missing a link to the root, or is its root CA >> suddenly untrusted on Snow Leopard? > > I'm looking into this with folks from StartCom. There have, over time, > been two StartCom roots. Certificates issued by the XMPP ICA (which is > no longer issuing certificates, because now they are being issued > directly by StartCom) were issued under the old root. So it seems to me > that perhaps Apple removed the old root from their cert store before all > the certificates issued under that root had expired. I'll follow up with > StartCom about this and report back.
Further research indicates that this is a problem only on Snow Leopard (I just installed the latest security update on Leopard and the old root is still in the keychain). Could someone do me a favor and look in their keychain on Snow Leopard to verify that a root for "Free SSL Certification Authority" is or is not in the system roots? (Click to inspect the cert and it will mention StartCom -- the old root expires on March 11, 2035.) Thanks! Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr55mwACgkQNL8k5A2w/vzb+gCfdmHbCrTS2Ukn/gJD4sCc3UgR aO8An1/8lEKP5JUOB/EpgiG9DO0SPvQP =KZuZ -----END PGP SIGNATURE-----
