On 12/03/2013 09:35 AM, David Hubner wrote:

> I am having a certificate chain issue. Going to the site
> https://www.tescobank.com/sss/auth which gets the intermediate cert as well
> as the site cert. We have the CA cert in the certificate store.
>
> It seems gnutls is not verifying the cert chain and I cannot seem to find
> out why. I am using gnutls 3.1.16.

The certificate seems to validate for me (using gnutls 3.2.6) with
"gnutls-cli www.tescobank.com" -- can you show the full output of the
above command when you try with 3.1.16?

        --dkg


0 dkg@alice:~$ echo | gnutls-cli www.tescobank.com
Processed 156 CA certificate(s).
Resolving 'www.tescobank.com'...
Connecting to '178.17.64.12:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `C=GB,ST=Midlothian,L=Haymarket
Yards,jurisdictionOfIncorporationCountryName=GB,O=Tesco Personal Finance
PLC,businessCategory=Private
Organization,serialNumber=SC173199+CN=www.tescobank.com', issuer
`C=US,O=Entrust\, Inc.,OU=www.entrust.net/rpa is incorporated by
reference,OU=(c) 2009 Entrust\, Inc.,CN=Entrust Certification Authority
- L1E', RSA key 2048 bits, signed using RSA-SHA1, activated `2013-01-15
13:49:50 UTC', expires `2015-01-15 15:04:14 UTC', SHA-1 fingerprint
`f10ba36343860643ffabbd78ce4bacc79572fab0'
        Public Key ID:
                0526e859a4c5614ae325df3bd26c260b51b826b1
        Public key's random art:
                +--[ RSA 2048]----+
                |    +=O.o        |
                |  .oo@o+ .       |
                |   +=+. . .      |
                |  E =. o o       |
                |   o. o S        |
                |     . * .       |
                |      .          |
                |                 |
                |                 |
                +-----------------+

- Certificate[1] info:
 - subject `C=US,O=Entrust\, Inc.,OU=www.entrust.net/CPS is incorporated
by reference,OU=(c) 2006 Entrust\, Inc.,CN=Entrust Root Certification
Authority', issuer `C=US,O=Entrust.net,OU=www.entrust.net/CPS incorp. by
ref. (limits liab.),OU=(c) 1999 Entrust.net Limited,CN=Entrust.net
Secure Server Certification Authority', RSA key 2048 bits, signed using
RSA-SHA1, activated `2007-01-05 19:20:39 UTC', expires `2017-01-05
19:50:39 UTC', SHA-1 fingerprint `bee772b3190ac84bf831f9607d9889ec6a966c16'
- Certificate[2] info:
 - subject `C=US,O=Entrust\, Inc.,OU=www.entrust.net/rpa is incorporated
by reference,OU=(c) 2009 Entrust\, Inc.,CN=Entrust Certification
Authority - L1E', issuer `C=US,O=Entrust\, Inc.,OU=www.entrust.net/CPS
is incorporated by reference,OU=(c) 2006 Entrust\, Inc.,CN=Entrust Root
Certification Authority', RSA key 2048 bits, signed using RSA-SHA1,
activated `2009-12-10 20:55:43 UTC', expires `2019-12-10 21:25:43 UTC',
SHA-1 fingerprint `179a7696db4322813f1c9572b85033841dec020e'
- Status: The certificate is trusted.
- Description: (TLS1.0-PKIX)-(RSA)-(AES-128-CBC)-(SHA1)
- Session ID:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01:00:01:64:58:52:9D:F9:67:00:00:00:00:57:1E:31:AC
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

0 dkg@alice:~$



_______________________________________________
Gnutls-help mailing list
http://lists.gnupg.org/mailman/listinfo/gnutls-help
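
Added example, not part of the original message or of GnuTLS: a name-only check of the order of a certificate list as printed by gnutls-cli, i.e. whether each certificate's issuer is the subject of the next one in the list. The sample input is constructed (DNs shortened from the listing above, where Certificate[0]'s issuer matches the subject of Certificate[2] rather than Certificate[1]), and the function names are illustrative.

```python
import re

# Constructed sample in gnutls-cli's "subject `...', issuer `...'" layout; the DNs
# are shortened to their CN but keep the subject/issuer links of the listing above.
SAMPLE = """\
- Certificate[0] info:
 - subject `CN=www.tescobank.com', issuer `CN=Entrust Certification
Authority - L1E', RSA key 2048 bits, signed using RSA-SHA1
- Certificate[1] info:
 - subject `CN=Entrust Root Certification Authority', issuer `CN=Entrust.net
Secure Server Certification Authority', RSA key 2048 bits
- Certificate[2] info:
 - subject `CN=Entrust Certification Authority - L1E', issuer `CN=Entrust Root
Certification Authority', RSA key 2048 bits
"""

PAIR = re.compile(r"subject `(.*?)', issuer `(.*?)',", re.S)

def _squash(dn):
    return " ".join(dn.split())  # undo mail/terminal line wraps inside a DN

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    return [(_squash(s), _squash(i)) for s, i in PAIR.findall(text)]

def issuer_path(certs):
    """Follow issuer -> subject by name from certificate 0; return visited indices."""
    path = [0] if certs else []
    while path:
        issuer = certs[path[-1]][1]
        nxt = next((n for n, (subj, _) in enumerate(certs)
                    if subj == issuer and n not in path), None)
        if nxt is None:
            break
        path.append(nxt)
    return path

def report(text):
    """Summarise whether the list as sent is already in issuer order."""
    certs = parse_chain(text)
    path = issuer_path(certs)
    return {"path": path,
            "in_order": path == list(range(len(certs))),
            "unlinked": sorted(set(range(len(certs))) - set(path))}

if __name__ == "__main__":
    print(report(SAMPLE))  # names only; no signature or validity checks are done
```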
