Hi,

When using lynx to access https://portfolio.iguw.tuwien.ac.at I got an ssl cert validation error. Since it worked fine in firefox/chromium I tried to use openssl directly and got the following, but I fail to understand what it means although I see that the chain looks strange (0->1 i:TERENA is replaced by s:COMODO).
After a bit of googling I believe it's a problem on the server side, but my knowledge of SSL/X.509 is very limited so if you have any pointers, I'd be happy to hear them.

$ openssl s_client -connect portfolio.iguw.tuwien.ac.at:443
> CONNECTED(00000003)
> depth=0 C = AT, ST = Vienna, L = Vienna, O = Vienna University of Technology, OU = E187 Institute of Design and Assessment of Technology, CN = portfolio.iguw.tuwien.ac.at
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 C = AT, ST = Vienna, L = Vienna, O = Vienna University of Technology, OU = E187 Institute of Design and Assessment of Technology, CN = portfolio.iguw.tuwien.ac.at
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 C = AT, ST = Vienna, L = Vienna, O = Vienna University of Technology, OU = E187 Institute of Design and Assessment of Technology, CN = portfolio.iguw.tuwien.ac.at
> verify error:num=21:unable to verify the first certificate
> verify return:1
> ---
> Certificate chain
>  0 s:/C=AT/ST=Vienna/L=Vienna/O=Vienna University of Technology/OU=E187 Institute of Design and Assessment of Technology/CN=portfolio.iguw.tuwien.ac.at
>    i:/C=NL/O=TERENA/CN=TERENA SSL CA
>  1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
>    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
>  2 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
>    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
> ---
> Server certificate
> subject=/C=AT/ST=Vienna/L=Vienna/O=Vienna University of Technology/OU=E187 Institute of Design and Assessment of Technology/CN=portfolio.iguw.tuwien.ac.at
> issuer=/C=NL/O=TERENA/CN=TERENA SSL CA
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 4514 bytes and written 409 bytes
> ---
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: zlib compression
> Expansion: zlib compression
> SSL-Session:
>     Protocol : TLSv1
>     Cipher : DHE-RSA-AES256-SHA
>     Session-ID: CD833B2D543BAB1BABFD3A0A1C3EC7C0950914F281BB71526F17AE1A377B5255
>     Session-ID-ctx:
>     Master-Key: 6F659AAB5D8BC83B70AC51BA52A47B553CF8CC3482B3F820104F0F44CD6DF151CB8AE5AF4B6DDF6EB9699736B8BDC4E8
>     Key-Arg : None
>     PSK identity: None
>     PSK identity hint: None
>     Compression: 1 (zlib compression)
>     Start Time: 1331814370
>     Timeout : 300 (sec)
>     Verify return code: 21 (unable to verify the first certificate)
> ---

--
Florian Pritz
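The chain check the post describes by eye (cert 0's issuer versus cert 1's subject) can be automated. The following is an added example, not part of the original message: a small parser for the "Certificate chain" block of `openssl s_client` output that reports every position where a certificate's issuer name differs from the next certificate's subject name. The function names are hypothetical, the sample is the chain section from the output above with wrapped lines rejoined, and the comparison is on names only, not signatures.

```python
import re

# Chain section copied from the s_client output in the post above
# (wrapped lines rejoined).
SAMPLE = """\
Certificate chain
 0 s:/C=AT/ST=Vienna/L=Vienna/O=Vienna University of Technology/OU=E187 Institute of Design and Assessment of Technology/CN=portfolio.iguw.tuwien.ac.at
   i:/C=NL/O=TERENA/CN=TERENA SSL CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 2 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
"""

def parse_chain(text):
    """Return [(depth, subject, issuer)] from the 'Certificate chain' block."""
    chain, in_chain, depth, subject = [], False, None, None
    for line in text.splitlines():
        line = line.strip()
        if line == "Certificate chain":
            in_chain = True
        elif in_chain and line == "---":
            break  # end of the chain block
        elif in_chain:
            m = re.match(r"(\d+) s:(.*)", line)
            if m:
                depth, subject = int(m.group(1)), m.group(2).strip()
            elif line.startswith("i:") and subject is not None:
                chain.append((depth, subject, line[2:].strip()))
                subject = None
    return chain

def find_gaps(chain):
    """(depth, issuer, next_subject) wherever cert N's issuer is not cert N+1's subject."""
    return [(d, issuer, nxt_subj)
            for (d, _, issuer), (_, nxt_subj, _) in zip(chain, chain[1:])
            if issuer != nxt_subj]

def self_signed(chain):
    """Depths whose subject equals issuer (a root certificate sent by the server)."""
    return [d for d, subj, issuer in chain if subj == issuer]

if __name__ == "__main__":
    chain = parse_chain(SAMPLE)
    for d, issuer, nxt in find_gaps(chain):
        print(f"gap after cert {d}: issuer {issuer!r}, next subject {nxt!r}")
    print("self-signed at depth:", self_signed(chain))
```

On the sample it reports one gap, after cert 0: no certificate in the chain sent by the server has the subject TERENA SSL CA, which matches verify error 20 (unable to get local issuer certificate) at depth 0.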