On Sun, Dec 21, 2008 at 10:31 PM, Scott Bennett <[email protected]> wrote: > ... >>is it possible you have an old openssl cacerts package without the >>newer ev signing and root ca's? > > Beats me.
yup, that appears to be it. (looking at the certs you got). nothing nefarious, aside from another random root added to your circle of trust :) you can download via: https://www.geotrust.com/resources/root-certificates/ you want: https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Global_eBusiness_CA-1.cer verify things look good: openssl s_client -CAfile Equifax_Secure_Global_eBusiness_CA-1.cer -connect www.torproject.org:443 -showcerts ... Verify return code: 0 (ok) and to use this with wget: wget --ca-certificate=Equifax_Secure_Global_eBusiness_CA-1.cer https://www.torproject.org/... best regards,
