What | Removed | Added |
---|---|---|
CC | astieger@suse.com |
According to https://www.digicert.com/digicert-root-certificates.htm "DigiCert SHA2 High Assurance Server CA" is an intermediate, not a root. Root: DigiCert High Assurance EV Root CA Intermediate: DigiCert SHA2 High Assurance Server CA The actual root in in the trust list. For HTTPS, filr.attachmategroup.com presents an incomplete certificate chain: $ openssl s_client -connect filr.attachmategroup.com:443 > [...] > Certificate chain > 0 s:/C=US/ST=WA/L=Seattle/O=Attachmate Corporation/CN=filr.attachmategroup.com > i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA A correctly configured host: $ openssl s_client -connect ev-root.digicert.com:443 -servername ev-root.digicert.com Certificate chain > [...] > 0 s:/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Utah/serialNumber=5299537-0142/ > street=Suite 500/street=2600 West Executive Parkway/postalCode=84043/C=US/ST=Utah/L=Lehi/O=DigiCert, Inc./CN=ev-root.digicert.com > i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA > 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA > i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA > 2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA > i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA