[Operators] IM Observatory: Not recognising DigiCert root certificate
Robert Norris
robn at fastmail.fm
Thu Oct 31 03:15:27 UTC 2013
On Thu, Oct 31, 2013, at 01:02 PM, Peter Saint-Andre wrote:
> Rob Norris! I was thinking about you just the other day while walking
> around the streets of Portland, Oregon. :-)
Wow, that was ten years ago this year. Feeling old yet?! :)
> openssl s_client -connect chat.messagingengine.com:5223 -CAfile
> DigiCertHighAssuranceECRootCA.crt
>
> The result I get is:
>
> "Verify return code: 20 (unable to get local issuer certificate)"
Yet when I do it:
[robn at betaweb1 ~]$ openssl s_client -connect
chat.messagingengine.com:5223 -CAfile
DigiCertHighAssuranceEVRootCA.pem | head
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
High Assurance CA-3
verify return:1
depth=0 C = NO, ST = Oslo, L = Oslo, O = Opera Software ASA, CN =
*.messagingengine.com
verify return:1
Looking at the cert file itself:
[robn at betaweb1 ~]$ openssl x509 -text <
DigiCertHighAssuranceEVRootCA.pem | grep -A1 Serial
Serial Number:
02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Which matches what DigiCert give me here:
https://www.digicert.com/digicert-root-certificates.htm
So I'm confused as to how we're getting different results. Where did you
get your copy of the root cert?
More information about the Operators
mailing list