Marcin, thanks for the report, and thanks for LANG=C, that's a serious help :)
Note that openssl s_client requires also giving a path to the CA root store to use, e.g.: openssl s_client -connect ebank.db-pbc.pl:443 -CApath /etc/ssl/certs/ It doesn't change this issue but may be useful for the future. Another URL for your bank's support staff: https://www.ssllabs.com/ssltest/analyze.html?d=ebank.db-pbc.pl Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1551615 Title: Alternative chain verification failure after 1024b root CAs removal Status in ca-certificates package in Ubuntu: Invalid Status in ca-certificates package in Debian: New Bug description: There is now the same problem on Ubuntu 14.04 as there is currently on Debian 7. See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812708 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812488 Gist: Openssl 1.0.1f can not verify certificates that have an alternative chain without both root certificates present. The update 20160104ubuntu0.14.04.1 removes 1024bit certificates that are used within those chains. Please don't push this update to vivid too! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1551615/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp