https://bugzilla.wikimedia.org/show_bug.cgi?id=23631
Summary: serve cert chain for OTRS <ticket.wikimedia.org> Product: Wikimedia Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: Normal Component: OTRS AssignedTo: tstarl...@wikimedia.org ReportedBy: bugzilla+org.wikime...@tuxmachine.com OTRS <ticket.wikimedia.org> is not serving the full certificate chain. (via ssl/tls) I'm fairly certain this is non compliant with relevant standards but don't have a source offhand. I'm seeing this causing cert warnings in safari. (using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us) AppleWebKit/531.21.11 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10) For reference here's a comparison of the misconfigured site with a properly configured site. (both seem to be signed by the same upstream intermediary CA) $ for i in ticket.wikimedia.org squarefree.com; do openssl s_client -connect $i:443 < /dev/null 2>/dev/null | perl -pe 'exit 0 if (/^Server certificate$/);' | sed -e 1d; done --- Certificate chain 0 s:/O=ticket.wikimedia.org/OU=Domain Control Validated/CN=ticket.wikimedia.org i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 --- --- Certificate chain 0 s:/O=www.squarefree.com/OU=Domain Control Validated/CN=www.squarefree.com i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority --- -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l