Bjoern Voigt wrote:
Per Jessen wrote:
Well, I have now determined it is a missing root CA. Firefox has it, but wget/curl/w3m/konqueror do not. I exported it from Firefox (quite an old one), and when I use that with wget, it works.
I guess Firefox comes with a built-in CA bundle, whereas the others use e.g. /etc/ssl/certs ? (pkg ca-certificates).
Did it worked for you to import the root CA "DigiCert Global Root CA" from Firefox? I tried this, but after that "c_rehash" showed my a duplicate root CA in /etc/ssl/certs. So this was unsuccessful.
I exported one called "Geotrust RSA CA 2018" (from memory), rehashed etc.
I think, the immediate certificate "GeoTrust RSA CA 2018" is missing.
Haha, right.
Firefox and others handle this somehow other than OpenSSL based programs.
Firefox in older versions has that CA - I exported from a Firefox on openSUSE 12.3. I'm beginning to think this is about an incomplete chain being served, just like ssllabs suggested. I'll have to double check the config. -- Per Jessen, Zürich (1.8°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org