All,
While debugging an issue in our testsuite, it has come to our attention that your website is not serving the intermediate certificate. This works fine in most browsers because browsers cache intermediate certificates: https://superuser.com/questions/351516/do-intermediate-certificates-get-cached-in-firefox However, your site does not serve an intermediate cert: https://www.ssllabs.com/ssltest/analyze.html?d=pcisecuritystandards.org&s=192.230.74.66&latest For browsers who haven't visited a website with a Go Daddy intermediate cert, the website will display an error. The same will happen for users not using a browser that caches intermediate certs. Here is Go Daddy's page with their intermediate certs: http://certs.godaddy.com/repository/ Do you mind updating your website to serve an intermediate certificate as well? For reference, here is output of curl on your website: $ curl https://www.pcisecuritystandards.org curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. openssl reports a similar error. Note that only one certificate (your server's) is included in the output: $ openssl s_client -connect www.pcisecuritystandards.org:443 -servername www.pcisecuritystandards.org CONNECTED(00000003) depth=0 OU = Domain Control Validated, CN = *.pcisecuritystandards.org verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 OU = Domain Control Validated, CN = *.pcisecuritystandards.org verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/OU=Domain Control Validated/CN=*.pcisecuritystandards.org i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2 --- Server certificate -----BEGIN CERTIFICATE----- MIIFVDCCBDygAwIBAgIJAOcfzZnk82rnMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0 cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE4MDEyNDE0MjkwMFoX DTE5MDIwOTE4MzkzOFowSDEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRh dGVkMSMwIQYDVQQDDBoqLnBjaXNlY3VyaXR5c3RhbmRhcmRzLm9yZzCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKT3YNqh/Gs54MnOkYG+fJ+gHw8s1Pa2 Bt6wFIqwHlY2BtvyfP9/c1wbFpCue3IVDUBJFwM1TiBYePHqEjUiWE8emxcSPo7Q Kmvuo6FTp2tfMtNeqCs0WqEcSiYQlqd1gFysDLTWCfA7sAT+gdMPFPXEwHIXd17z pxYt0vzQhg5bW14JcNaYBPm7V15oqojzdjS/pESl9f/keW8IcvdcsnMtvXLyVV4A +q57HM4UPNchLAB/OMj48yHhpIO3YYdFyp+4CgVohm4awat4jYccnW4K4szAezoz mFu7lm7lfIQs5Zp3a+478k4tc9BNReZEaUJXfLGDNPwdsJp3VOiOzTcCAwEAAaOC AdIwggHOMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF BwMCMA4GA1UdDwEB/wQEAwIFoDA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js LmdvZGFkZHkuY29tL2dkaWcyczEtODAzLmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG /W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRk eS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggr BgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRo dHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIu Y3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMD8GA1UdEQQ4MDaC GioucGNpc2VjdXJpdHlzdGFuZGFyZHMub3JnghhwY2lzZWN1cml0eXN0YW5kYXJk cy5vcmcwHQYDVR0OBBYEFIG2cY2L7kSAnYqOCQOP10qm/2mwMA0GCSqGSIb3DQEB CwUAA4IBAQAP2yQrBBDU89ILG5S3r+1oUzTAOr5flHgWtS2doxEoLkXfpPDx+k+z Uw3YzKjj8cxnoK940C5oEqroTdL7j1Kod+lLFFkSNtta+7dkONJlRoiocHsFB9mn LYjqCioCkHpFoD8xzyYlCYiFaPpFUCROUbCDCHeUDT5g8ltuPBB4e25YqFwBx9T0 cbNB1uojl9bqrz2BxNFQgyPUBTSP4DqW/bJ8wissIXg8techOi5XDUDO2/jkUAhw LZExdBlSR1EaAImnZsMS1ruIMAWGimSY4FP5jJFassddX0Z4M42BPieaUf90jftm Ogfv70pk6ztpQOYhgR6YTFo7WP9TFnwh -----END CERTIFICATE----- subject=/OU=Domain Control Validated/CN=*.pcisecuritystandards.org issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2 --- Thank you, -- Alex Alexander Scheel Security and Compliance OpenSCAP Project _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list