Ticket Hash: | 78b7f6c22f3003be66916ed7db0d5fabd18b4038 | |||
Title: | Invalid intermediate certificate for chiselapp.com | |||
Status: | Open | Type: | Incident | |
Severity: | Important | Priority: | Immediate | |
Subsystem: | Resolution: | Open | ||
Last Modified: | 2021-11-14 15:53:47 | |||
Version Found In: | ||||
User Comments: | ||||
anonymous added on 2021-01-25 08:40:15:
Hello, Sorry to write this report here, because I failed to find feedback address at chiselapp.com. At this time, intermediate CA is incorrect at chiselapp.com. Openssl fails to validate certificate chain:
You can see that CN in these certificates don't match. Here is stderr:
For comparison, for site openssl.org we have the following:
CN names match here. In stderr we have no errors:
Interestingly, the problem doesn't arise in browsers, may be because of caching of intermediate certs. See, for example, here and there. anonymous added on 2021-01-25 08:51:38: PS: the issue arises when I use Fossil on Windows with the latest cacert.pem. WBR, VZ anonymous added on 2021-11-14 15:53:47: Could be related to https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/. |