Firefox says Peer's Certificate has been revoked
David Newman
dnewman at networktest.com
Tue Dec 21 03:01:44 MSK 2010
On 12/20/10 3:34 PM, David Newman wrote:
> On 12/20/10 1:41 PM, Igor Sysoev wrote:
>
>> I'm not sure, but probably the last (#3) GoDaddy certificate in the bundle
>> may cause the issue. OpenSSL without preloaded certificate base indicates
>> it as self signed:
> Thanks, Igor. I am checking now with GoDaddy and will report back.
Fixed now; the root problem was that GoDaddy had revoked the server
cert. Concatenated the new one with the GoDaddy bundle, restarted nginx,
and all is good.
Regarding the GoDaddy bundle:
> Certificate chain
>> 0 s:/O=mail3.networktest.com/OU=Domain Control Validated/CN=mail3.networktest.com
>> i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
>> 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
>> i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
>> 2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
>> i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
>> 3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
>> i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
GoDaddy claims the self-signed cert in the chain is a non-issue, and
that items in the chain are not listed sequentially. I do not have
enough info to agree or disagree with that assertion.
Thanks again!
dn
More information about the nginx
mailing list