Firefox says Peer's Certificate has been revoked

David Newman dnewman at networktest.com
Tue Dec 21 03:01:44 MSK 2010


On 12/20/10 3:34 PM, David Newman wrote:
> On 12/20/10 1:41 PM, Igor Sysoev wrote:
> 
>> I'm not sure, but probably the last (#3) GoDaddy certificate in the bundle
>> may cause the issue. OpenSSL without preloaded certificate base indicates
>> it as self signed:

> Thanks, Igor. I am checking now with GoDaddy and will report back.

Fixed now; the root problem was that GoDaddy had revoked the server
cert. Concatenated the new one with the GoDaddy bundle, restarted nginx,
and all is good.

Regarding the GoDaddy bundle:

> Certificate chain
>>  0 s:/O=mail3.networktest.com/OU=Domain Control Validated/CN=mail3.networktest.com
>>    i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
>>  1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
>>    i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
>>  2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
>>    i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
>>  3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
>>    i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com

GoDaddy claims the self-signed cert in the chain is a non-issue, and
that items in the chain are not listed sequentially. I do not have
enough info to agree or disagree with that assertion.

Thanks again!

dn
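
A way to check the two points raised about the bundle against the listing above (whether the entries are in sequential order, and where the self-signed entry sits), as an added example that is not part of the original post. The function names are hypothetical, the comparison is on subject and issuer names only with no signature verification, and it cannot detect revocation, which was the fault reported in this thread.

```python
import re

# Chain listing quoted in the thread (openssl s_client output), quote markers removed.
CHAIN = """\
 0 s:/O=mail3.networktest.com/OU=Domain Control Validated/CN=mail3.networktest.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
 2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
 3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
"""

# One entry is a "<depth> s:<subject>" line followed by an indented "i:<issuer>" line.
ENTRY = re.compile(r"^\s*(\d+) s:(.*)\n\s+i:(.*)$", re.MULTILINE)


def parse_chain(text):
    """Return [(depth, subject, issuer), ...] in the order the server sent them."""
    return [(int(d), s.strip(), i.strip()) for d, s, i in ENTRY.findall(text)]


def audit_chain(entries):
    """Return [(depth, finding), ...] for ordering breaks and self-signed entries."""
    findings = []
    for pos, (depth, subject, issuer) in enumerate(entries):
        last = pos == len(entries) - 1
        if subject == issuer:
            # Subject equals issuer: the certificate names itself as its signer.
            if pos == 0:
                findings.append((depth, "self-signed leaf"))
            elif last:
                findings.append((depth, "self-signed root at end of bundle"))
            else:
                findings.append((depth, "self-signed certificate mid-chain"))
        elif not last and issuer != entries[pos + 1][1]:
            # Sequential order means each issuer is the subject of the next entry.
            findings.append((depth, "out of order"))
    return findings


if __name__ == "__main__":
    for depth, finding in audit_chain(parse_chain(CHAIN)):
        print(f"cert {depth}: {finding}")
```

On the listing from this thread the only finding is the self-signed ValiCert entry at depth 3; entries 0 through 2 each name the next entry as issuer.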



