Le 21/01/2026 à 23:33, Andrew C Aitchison via mailop a écrit :
No idea whether it is related but Linux web-browsers tell me that the certificate for download.microsoft.com is signed by an unknown issuer. It is possible their issues are wider than just email.
Hi On the download.microsoft.com certificate openssl sees a problem with the chain yes
[grocher:~] $ date jeudi 22 janvier 2026, 06:56:53 (UTC+0100) [grocher:~] $ openssl s_client -connect download.microsoft.com:443 CONNECTED(00000003) depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = akamai.download.microsoft.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = akamai.download.microsoft.com verify error:num=21:unable to verify the first certificate verify return:1 depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = akamai.download.microsoft.com verify return:1 --- Certificate chain 0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = akamai.download.microsoft.com i:C = US, O = Microsoft Corporation, CN = Microsoft TLS G2 ECC CA OCSP 02 --- Server certificate -----BEGIN CERTIFICATE----- MIIG7TCCBnOgAwIBAgITVwAAGX0vFhXmqJxPLgAAAAAZfTAKBggqhkjOPQQDAzBX MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgw JgYDVQQDEx9NaWNyb3NvZnQgVExTIEcyIEVDQyBDQSBPQ1NQIDAyMB4XDTI2MDEx MzE0Mzg1NloXDTI2MDcxMjE0Mzg1NlowdDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT AldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y YXRpb24xJjAkBgNVBAMTHWFrYW1haS5kb3dubG9hZC5taWNyb3NvZnQuY29tMFkw EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGFLjH2yYI9pCmvc7Nu1hC0goOLFBuR6y 9Jrdy72zILDcLgYVlfMo3obY3ysXkS31vOiFiHgNq7Xsw3zyhcVhxaOCBP8wggT7 MIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQDXbX0Q0af1d8LH6V/XAL/5gskz WmXh0LMBcxfAyMVpdwAAAZu31OSKAAAEAwBGMEQCIAbhQjloFd9LhFGyb01O9Wy/ Lgb3N0VkiSG+ILhETtLkAiBCbE6nTXqsMVW9ewHdQqimoBGpwTexr+JXMvxorXOo WgB2AMIxfldFGaNF7n843rKQQevHwiFaIr9/1bWtdprZDlLNAAABm7fU5JQAAAQD AEcwRQIhAO2ECkAgKBBwjuFW8051fiQOlt2WWJ8A/RNmFJm1CHVrAiAHq3DIaQ/a Z1bQmn5YbChmo3HZ5BO4Jdxc4infNx6VxAB1AMijxH/Hs625NWsBP2p6Em3jOk5D pcZG+ZetOXWZHc+aAAABm7fU5N8AAAQDAEYwRAIgKUd8wUE7pe1auIC1S00ZOP0S Zx9wjBnGsrwtk5A8HPACIEOpjOSGt885ixcHXSsDHKMAXRfN5Lbkw06O3Bzzuu0v MBsGCSsGAQQBgjcVCgQOMAwwCgYIKwYBBQUHAwEwPAYJKwYBBAGCNxUHBC8wLQYl KwYBBAGCNxUIh73XG4Hn60aCgZ0ujtAMh/DaHV2D6cNngrSjTAIBZAIBIDCCAQsG CCsGAQUFBwEBBIH+MIH7MGEGCCsGAQUFBzAChlVodHRwOi8vd3d3Lm1pY3Jvc29m dC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRMUyUyMEcyJTIwRUNDJTIw Q0ElMjBPQ1NQJTIwMDIuY3J0MGcGCCsGAQUFBzAChltodHRwOi8vY2Fpc3N1ZXJz Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRMUyUyMEcy JTIwRUNDJTIwQ0ElMjBPQ1NQJTIwMDIuY3J0MC0GCCsGAQUFBzABhiFodHRwOi8v b25lb2NzcC5taWNyb3NvZnQuY29tL29jc3AwHQYDVR0OBBYEFH+aduNyPDczPu+G OdRAO8YbouZ4MA4GA1UdDwEB/wQEAwIHgDBABgNVHREEOTA3gh1ha2FtYWkuZG93 bmxvYWQubWljcm9zb2Z0LmNvbYIWZG93bmxvYWQubWljcm9zb2Z0LmNvbTAMBgNV HRMBAf8EAjAAMIHxBgNVHR8EgekwgeYwgeOggeCggd2GbGh0dHA6Ly93d3cubWlj cm9zb2Z0LmNvbS9wa2lvcHMvY3JsL3BhcnRpdGlvbi9NaWNyb3NvZnQlMjBUTFMl MjBHMiUyMEVDQyUyMENBJTIwT0NTUCUyMDAyX1BhcnRpdGlvbjAwMDgzLmNybIZt aHR0cDovL2NybDIubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL3BhcnRpdGlvbi9N aWNyb3NvZnQlMjBUTFMlMjBHMiUyMEVDQyUyMENBJTIwT0NTUCUyMDAyX1BhcnRp dGlvbjAwMDgzLmNybDBmBgNVHSAEXzBdMAgGBmeBDAECAjBRBgwrBgEEAYI3TIN9 AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9w cy9Eb2NzL1JlcG9zaXRvcnkuaHRtMB8GA1UdIwQYMBaAFOUfxGoJNuKv4WRuvfxr 6e3F0Cp0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49BAMDA2gAMGUCMQCs pERXhEjRtAVCEsqSPQJePHFOQgtJxiyo1nOY42aHj6bPpIKhEPCyPW2XkxMIvXoC MExdzD+usQ4w+73DjzXXXb5kCvwrcPHVT4PBpwUEdC9pvKh0OOlpvrYIUaBm9vnP Zg== -----END CERTIFICATE----- subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = akamai.download.microsoft.com issuer=C = US, O = Microsoft Corporation, CN = Microsoft TLS G2 ECC CA OCSP 02 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 2297 bytes and written 440 bytes Verification error: unable to verify the first certificate --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: 3DB7482936CEE7F3BAFB8B9DE04660455259B8736673B50B7181AB6EF705E380Session-ID-ctx: Master-Key: 39D9B6F730C7BEEC105AC0021BEC1048AD2ECB65832440EBD188E38C5F632759261B3C602018D12F2B1C2EABD021A2A4PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 83100 (seconds) TLS session ticket: 0000 - 00 00 31 7f 87 c8 b4 e2-f7 fa c2 4e 7e b4 6a da ..1........N~.j. 0010 - 52 40 f7 b4 e0 45 1e b9-19 ee 95 f6 17 38 8b 57 [email protected] 0020 - d2 8e 9d 68 ab 9c 3d a5-ea 1e 05 26 eb 35 79 0a ...h..=....&.5y. 0030 - 78 94 7b 33 1e 45 64 7d-1c 74 80 f2 07 35 0e ef x.{3.Ed}.t...5.. 0040 - c4 71 84 08 31 64 c6 7c-96 1c aa f0 fe 4f 61 d2 .q..1d.|.....Oa. 0050 - 01 71 d5 c4 c5 a4 52 c2-4c 56 21 f5 43 ee c8 7a .q....R.LV!.C..z 0060 - 36 58 75 11 a9 5d 7c b5-ae 49 49 3a 5f 90 5c 06 6Xu..]|..II:_.\. 0070 - 5b 8f 0f 4f 98 13 7d c2-50 3c ce 02 d7 b4 27 3b [..O..}.P<....'; 0080 - 84 b8 b0 8b aa 87 18 5a-92 c2 72 e7 67 e7 15 10 .......Z..r.g... 0090 - 1a ed a1 10 23 42 1d 29-43 82 9b 91 b4 c5 98 f2 ....#B.)C....... 00a0 - 9c 26 cb 09 a1 9c cb 06-38 9f 9d 7f d5 23 ea 05 .&......8....#.. 00b0 - 64 02 68 63 1e df 90 b6-6e 31 b2 ed 8a bb 71 75 d.hc....n1....qu 00c0 - af f4 db 4c 3a 60 04 2b-37 63 ba 44 a1 c1 39 34 ...L:`.+7c.D..94 Start Time: 1769061414 Timeout : 7200 (sec) Verify return code: 21 (unable to verify the first certificate) Extended master secret: no --- DONE
-- Grégory Rocher _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
