On 11/03/2014 09:08 AM, Per Jessen wrote:
Your certificate chain is incomplete. Do you know if anything changed in this respect? This was working when that certificate was installed.
. and the server configuration is also broken beyond repair "ranked F" Perhaps not quite beyond repair, but yes, it's overdue to be moved off that server. We want to upgrade to 2.4 and get support for PFS, EC ciphers etc.
Per, I tried the test from 13.1 FF and the certificate was there and worked. The primary issues prompting the "F" were SSL3 and renegotiation (POODLE, MTM attack, respectively), but the initial connection worked. (not that this is encouraging, but are you seeing something different?) The certificate information returned was: Additional Certificates (if supplied) Certificates provided 2 (3004 bytes) Chain issues Incomplete, Contains anchor #2 Subject SwissSign Silver CA - G2 In trust store SHA1: 9baae59f56ee21cb435abe2593dfa7f040d11dcb Valid until Sat Oct 25 08:32:46 UTC 2036 (expires in 21 years and 11 months) Key RSA 4096 bits Issuer SwissSign Silver CA - G2 Self-signed Signature algorithm SHA1withRSA Weak, but no impact on root certificates Certification Paths Path #1: Trusted 1 Sent by server webmail.hostsuisse.com SHA1: 552ead3a0445ad8136b0575efb2240856cf11d75 RSA 2048 bits / SHA1withRSA WEAK SIGNATURE 2 Extra download SwissSign Server Silver CA 2008 - G2 SHA1: 95eef9f8bb003d337c47b0f9a947ffafe02725c3 RSA 2048 bits / SHA1withRSA WEAK SIGNATURE 3 Sent by server In trust store SwissSign Silver CA - G2 SHA1: 9baae59f56ee21cb435abe2593dfa7f040d11dcb RSA 4096 bits / SHA1withRSA Weak or insecure signature, but no impact on root certificates -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org