On Wed, May 4, 2011 at 8:39 PM, Alexander Bokovoy <[email protected]> wrote: >> (https://bugs.meego.com) > There seem to be some misconfiguration of SSL setup at meego.com. I > tried with QtWebkit and it also unable to reach and render it.
KDE's Konqueror browser also cannot browse bugs.meego.com over SSL. It outputs the following error: http://nielsmayer.com/meego/bugs-meego-com-bad-certificate.png It's as if the WebKit based browsers (such as Konqueror) do not recognize Go Daddy as CA. (Note the empty certificate chain and "this certificate is not signed by any trusted authority" in image above). FireFox4 has the GoDaddy cert built-in and therefore recognizes it: http://nielsmayer.com/meego/bugs-meego-com-go-daddy-cert.png http://nielsmayer.com/meego/bugs-meego-com-go-daddy-ca.png Perhaps the webkit based browsers need the GoDaddy CA certificate added on or installed separately in order to browse/login to bugs.meego.com. Typically most browsers have some way of adding private or unrecognized certificates. If the web transaction fails as early as checking the validity of the SSL certificate, you will certainly see very little on the wire. It will bail out immediately, as you noted, with a "handshake failure." That's the whole point of using a http://en.wikipedia.org/wiki/Public_key_infrastructure in the first place. Why is cheapskate GoDaddy certificate being used in the first place? I always associated GoDaddy with pornsites and other fly-by-night businesses. Certainly not for "serious" websites. Doesn't meego.com deserve a pricy and widely recognized Verisign cert? Also, to keep MeeGo.com's certificates "under control" it might be wise (as opposed to pound foolish) to use the same wildcard cert (*.meego.com) for all MeeGo.com sites needing SSL (e.g. OBS, wiki, etc). http://www.verisign.com/ssl-certificates/wildcard-ssl-certificates/ Niels http://nielsmayer.com _______________________________________________ MeeGo-dev mailing list [email protected] http://lists.meego.com/listinfo/meego-dev http://wiki.meego.com/Mailing_list_guidelines
