https://wiki.squid-cache.org provides invalid certificate chain ...


Walter H.
for more information see
https://www.ssllabs.com/ssltest/analyze.html?d=wiki.squid-cache.org

- missing intermediate certificate
- ssl3 active, poodle vulnerable ...

Greetings,
Walter



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users


Re: https://wiki.squid-cache.org provides invalid certificate chain ...

Amos Jeffries
Administrator
On 18/11/17 01:39, Walter H. wrote:
> for more information see
> https://www.ssllabs.com/ssltest/analyze.html?d=wiki.squid-cache.org
>
> - missing intermediate certificate
> - ssl3 active, poodle vulnerable ...
>

None of those issues appear in the test results I get from that URL you
referenced. SSLv3 is definitely not even supported by our wiki server.

The tester appears to be broken in regards to the chain test. There is
*no* chain. Our cert is directly signed by the LetsEncrypt CA.

Amos

Re: https://wiki.squid-cache.org provides invalid certificate chain ...

Kinkie
I have already acted on it but couldn’t communicate in time, sorry. Thanks for notifying and for looking into it. 


On Fri, 17 Nov 2017 at 17:52, Amos Jeffries <[hidden email]> wrote:
> On 18/11/17 01:39, Walter H. wrote:
>> for more information see
>> https://www.ssllabs.com/ssltest/analyze.html?d=wiki.squid-cache.org
>>
>> - missing intermediate certificate
>> - ssl3 active, poodle vulnerable ...
>>
>
> None of those issues appear in the test results I get from that URL you
> referenced. SSLv3 is definitely not even supported by our wiki server.
>
> The tester appears to be broken in regards to the chain test. There is
> *no* chain. Our cert is directly signed by the LetsEncrypt CA.
>
> Amos
--
@mobile


Re: https://wiki.squid-cache.org provides invalid certificate chain ...

Walter H.
Hello,

still certificate issues: missing intermediate certificate

Greetings,
Walter

On 17.11.2017 13:39, Walter H. wrote:
> for more information see
> https://www.ssllabs.com/ssltest/analyze.html?d=wiki.squid-cache.org
>
> - missing intermediate certificate
> - ssl3 active, poodle vulnerable ...
>
> Greetings,
> Walter




Re: https://wiki.squid-cache.org provides invalid certificate chain ...

Walter H.
On 18.11.2017 13:51, Walter H. wrote:
> Hello,
>
> still certificate issues: missing intermediate certificate
>
> Greetings,
> Walter
@Amos:

>  There is
>  *no* chain. Our cert is directly signed by the LetsEncrypt CA.
>  Amos

that's wrong;  LetsEncrypt is only an intermediate, and MUST be given by the server,
as it isn't in any Trust Store by default.





Re: https://wiki.squid-cache.org provides invalid certificate chain ...

Alex Crow-2


On 18/11/17 12:56, Walter H. wrote:

> On 18.11.2017 13:51, Walter H. wrote:
>> Hello,
>>
>> still certificate issues: missing intermediate certificate
>>
>> Greetings,
>> Walter
> @Amos:
>
>>  There is
>>  *no* chain. Our cert is directly signed by the LetsEncrypt CA.
>>  Amos
>
> that's wrong;  LetsEncrypt is only an intermediate, and MUST be given
> by the server,
> as it isn't in any Trust Store by default.
>
>

Yep, I use LE and it has a root CA and an intermediate - mine has:

DSA Root CA X3 -> Let's Encrypt Authority X3 -> <my Domain>.

Cheers

Alex
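
The point made in the messages above (a leaf signed by an intermediate validates only when the server also sends that intermediate) can be reproduced offline with `openssl`. This is an added example, not part of the original thread; the CA names, host name and file names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI (all names are made up): root -> intermediate -> leaf.
set -u

new_csr() {  # $1=dir  $2=file stem  $3=common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_demo_pki() {  # $1=dir; writes root.pem, inter.pem, leaf.pem
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  new_csr "$d" root  'Demo Root CA'
  new_csr "$d" inter 'Demo Intermediate CA'
  new_csr "$d" leaf  'wiki.example.test'
  # Root is self-signed; it is the certificate the client trusts.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" 2>/dev/null
  # Intermediate is signed by the root; the client has no copy of it.
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -extfile "$d/ca.ext" -days 2 -out "$d/inter.pem" 2>/dev/null
  # Leaf (the server certificate) is signed by the intermediate, not the root.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Client-side check: -CAfile is the trust anchor, -untrusted holds whatever
# extra certificates the server sent along with its leaf ($2, optional).
verify_as_client() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
  fi
}

demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir"
if verify_as_client "$demo_dir"; then r=valid; else r='rejected (issuer not found)'; fi
echo "server sends leaf only:           $r"
if verify_as_client "$demo_dir" "$demo_dir/inter.pem"; then r=valid; else r=rejected; fi
echo "server sends leaf + intermediate: $r"
rm -rf "$demo_dir"
```

Against a live server, `openssl s_client -connect HOST:443 -showcerts </dev/null` prints the certificates the server actually sends, so a missing intermediate shows up as a single certificate in that output.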

