[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSM certificate prompt

From: Eli Zaretskii
Subject: Re: NSM certificate prompt
Date: Sat, 13 Dec 2014 18:39:51 +0200

> From: Michael Albinus <address@hidden>
> Date: Sat, 13 Dec 2014 16:27:32 +0100
> Cc: address@hidden
> "Other Web browsers" carry builtin certificates. For example if you use
> Firefox, click on the lock icon heading the url. Click on "More
> Information". Click on "View Certificate". In the "Details" tab, you'll
> see that "Google Internet Authority G2" is signed by "GeoTrust Global
> CA", which is signed by "Equifax Secure CA". The latter one is a builtin
> certificate Firefox knows about, so it is a valid certificate chain.

If I do the same for savannah.gnu.org in IE, it shows the following
certification path:

    Gandi Standard SSL CA

Emacs's eww prompts me about https://savannah.gnu.org and shows me
this information about its certificate:

  Certificate information
  Issued by:          Gandi Standard SSL CA
  Issued to:          Domain Control Validated
  Hostname:           savannah.gnu.org
  Public key:         RSA, signature: RSA-SHA1
  Protocol:           TLS1.0, key: RSA, cipher: AES-128-CBC, mac: SHA1
  Security level:     Medium
  Valid:              From 2014-03-05 to 2015-03-05

  The TLS connection to savannah.gnu.org:443 is insecure for the
  following reasons:

  certificate signer was not found (self-signed)
  certificate could not be verified

which also talks about Gandi Standard SSL CA.  So I wonder why GnuTLS
isn't happy with this, while MS IE is.  Am I missing something?

(Please be gentle: I know nothing about Internet security and

reply via email to

[Prev in Thread] Current Thread [Next in Thread]