[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-users] Savannah https SSL certificates updated
|
From: |
Reed Loden |
|
Subject: |
Re: [Savannah-users] Savannah https SSL certificates updated |
|
Date: |
Mon, 9 Mar 2015 12:46:40 -0700 |
https://www.ssllabs.com/ssltest/analyze.html?d=savannah.gnu.org
Looks like "USERTrust RSA Certification Authority" root CA cert is missing
from the ca-certificates store of fencepost. Not sure when it was added to
browser's root store, but might be a good idea to send it along with the
entire certificate chain for now. Better yet, update fencepost's
ca-certificates.
Aside from that, it would be nice if savannah's SSL/TLS config was updated
to enable better cipher suite choices and newer protocols. See
https://wiki.mozilla.org/Security/Server_Side_TLS for some examples on how
to do this.
~reed
On Mon, Mar 9, 2015 at 11:46 AM, Ineiev <address@hidden> wrote:
> On Mon, Mar 02, 2015 at 10:15:31PM +0000, Bob Proulx wrote:
> > The https SSL certificates for the Savannah web site have been updated.
>
> It looks like this disabled some of my cron jobs on fencepost.gnu.org;
> it used to wget https://...savannah.gnu.org/...; now it says
> ERROR: cannot verify savannah.gnu.org's certificate, issued by
> `/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2':
> Unable to locally verify the issuer's authority.
>
> Probably I should file a request to sysadmin, or configure
> something in ~/.
>
> Any ideas?
>
>