From tim@tim-landscheidt.de Fri Mar 5 01:43:38 2021 Received: (at submit) by bugs.x2go.org; 5 Mar 2021 00:43:44 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,SPF_HELO_NONE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from andalucia.tim-landscheidt.de (andalucia.tim-landscheidt.de [IPv6:2a01:4f8:1c1c:d4d0::1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 9E8925DA8B for ; Fri, 5 Mar 2021 01:43:37 +0100 (CET) Received: from dslb-084-060-155-122.084.060.pools.vodafone-ip.de ([84.60.155.122]:54564 helo=passepartout.tim-landscheidt.de) by andalucia.tim-landscheidt.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1lHyZ7-0001vc-24 for submit@bugs.x2go.org; Fri, 05 Mar 2021 01:43:37 +0100 From: Tim Landscheidt To: submit@bugs.x2go.org Subject: TLS intermediate certificate seems to be "wrong" Organization: http://www.tim-landscheidt.de/ Date: Fri, 05 Mar 2021 00:43:36 +0000 Message-ID: <87wnumfn0n.fsf@passepartout.tim-landscheidt.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Package: wiki.x2go.org While checking URLs with LWP/curl, I noticed that wiki.x2go.org fails: | [tim@passepartout ~]$ curl https://wiki.x2go.org/ | curl: (60) SSL certificate problem: unable to get local issuer certificate | More details here: https://curl.haxx.se/docs/sslcerts.html | curl failed to verify the legitimacy of the server and therefore could not | establish a secure connection to it. To learn more about this situation and | how to fix it, please visit the web page mentioned above. | [tim@passepartout ~]$ Staring at "openssl s_client -connect wiki.x2go.org:443", https://www.ssllabs.com/ssltest/analyze.html?d=wiki.x2go.org and https://letsencrypt.org/certificates/ suggests to a layman that the server certificate is signed by the R3 certificate, but the X3 certificate is sent along?