[Bug 23631] New: serve cert chain for OTRS

Sat, 22 May 2010 19:00:15 -0700 

https://bugzilla.wikimedia.org/show_bug.cgi?id=23631

           Summary: serve cert chain for OTRS <ticket.wikimedia.org>
           Product: Wikimedia
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: OTRS
        AssignedTo: tstarl...@wikimedia.org
        ReportedBy: bugzilla+org.wikime...@tuxmachine.com


OTRS <ticket.wikimedia.org> is not serving the full certificate chain. (via
ssl/tls)

I'm fairly certain this is non compliant with relevant standards but don't have
a source offhand. I'm seeing this causing cert warnings in safari. (using
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us) AppleWebKit/531.21.11
(KHTML, like Gecko) Version/4.0.4 Safari/531.21.10) 

For reference here's a comparison of the misconfigured site with a properly
configured site. (both seem to be signed by the same upstream intermediary CA)

$ for i in ticket.wikimedia.org squarefree.com; do openssl s_client -connect
$i:443 < /dev/null 2>/dev/null | perl -pe 'exit 0 if (/^Server certificate$/);'
| sed -e 1d; done
---
Certificate chain
 0 s:/O=ticket.wikimedia.org/OU=Domain Control
Validated/CN=ticket.wikimedia.org
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure
Certification Authority/serialNumber=07969287
---
---
Certificate chain
 0 s:/O=www.squarefree.com/OU=Domain Control Validated/CN=www.squarefree.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure
Certification Authority/serialNumber=07969287
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure
Certification Authority/serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification
Authority
---

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to