Bjoern Voigt wrote:
Per Jessen wrote:
A customer of ours recently renewed the ssl certificate (Digicert/Geotrust). Since then, accessing the site with curl, wget, w3m and konqueror causes a complaint "Unable to locally verify the issuer's authority".
Firefox, Opera and Chromium have no problems. (all on Leap422).
The site: https://www.elixseri.com/
On Leap15 - Firefox is fine, wget isn't.
Even an older Firefox on openSUSE 13.1 works fine. I think, the webserver www.elixseri.com has some SSL setup problems. Most browsers seem to ignore them.
SSL Labs complains about "Chain issues: Incomplete, Extra certs, Contains anchor".
See https://www.ssllabs.com/ssltest/analyze.html?d=www.elixseri.com&s=185.85.251.21
I'll check it out, but the website works fine, except with wget and curl.
I think, there is nothing what you can do as a client except disabling the certificate validation.
Well, I have now determined it is a missing root CA. Firefox has it, but wget/curl/w3m/konqueror do not. I exported it from Firefox (quite an old one), and when I use that with wget, it works. I guess Firefox comes with a built-in CA bundle, whereas the others use e.g. /etc/ssl/certs ? (pkg ca-certificates). -- Per Jessen, Zürich (1.6°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org