[Operators] IM Observatory: Not recognising DigiCert root certificate

Peter Saint-Andre stpeter at stpeter.im
Thu Oct 31 03:31:58 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/30/2013 09:15 PM, Robert Norris wrote:
> On Thu, Oct 31, 2013, at 01:02 PM, Peter Saint-Andre wrote:
>> Rob Norris! I was thinking about you just the other day while
>> walking around the streets of Portland, Oregon. :-)
> 
> Wow, that was ten years ago this year. Feeling old yet?! :)

:P

>> openssl s_client -connect chat.messagingengine.com:5223 -CAfile 
>> DigiCertHighAssuranceECRootCA.crt
>> 
>> The result I get is:
>> 
>> "Verify return code: 20 (unable to get local issuer
>> certificate)"
> 
> Yet when I do it:
> 
> [robn at betaweb1 ~]$ openssl s_client -connect 
> chat.messagingengine.com:5223 -CAfile 
> DigiCertHighAssuranceEVRootCA.pem | head depth=2 C = US, O =
> DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance
> EV Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, OU =
> www.digicert.com, CN = DigiCert High Assurance CA-3 verify
> return:1 depth=0 C = NO, ST = Oslo, L = Oslo, O = Opera Software
> ASA, CN = *.messagingengine.com verify return:1
> 
> Looking at the cert file itself:
> 
> [robn at betaweb1 ~]$ openssl x509 -text < 
> DigiCertHighAssuranceEVRootCA.pem | grep -A1 Serial Serial Number: 
> 02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
> 
> Which matches what DigiCert give me here:
> 
> https://www.digicert.com/digicert-root-certificates.htm
> 
> So I'm confused as to how we're getting different results.

The mystery deepens.

> Where did you get your copy of the root cert?

I got it here:

https://www.digicert.com/digicert-root-certificates.htm

Peter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJScc8tAAoJEOoGpJErxa2pBTwP/AzPpJbYDzQZjv5vuUAtT/JI
n9ZJk1bgBqmvE4ODGKKB4Tgj/Vkia/5Mu5pYI6NbIU0bZcTXBYD3mF3u5n+N1cWp
w2jHyR0ReVqI/+OjWH00U61f2qIKN/vKGw50WRZTEc7bJWXaAPx74PvuxFHB+LNC
9WnIx5IRlmMS4oawXg/V/XY2YzWcNZqV6i8euXxC2VAj7ChDVqr7ixcx6mL4W/6d
2JUQRZmpxOHIkJ0kJReQPLFdsRZXIo/JqfvJnSnOIaSkHhGElkt8HunnGxS3x2RH
VMnOHiqR/5TiqwfTIrfeiUeZImUJFHBrmho5FL2jn4fq2xSYbd3zomUrPcdSBKNb
CKgmBiAopZd3zfnDV1kX10CRL1ITEG56caWud5LKPr73YTMxomAXSeyy5nKeE2Ye
b88wHUQzSiK2EEs6a1mj5Gm0Oljd70YCc0V8+dNge5Tf+lcXri+Avmt/UPEdIwWf
r2FCqVMyE273EPxH8Thq3Rwv8flVXh9+C9g+fYfdvvVvWds14rSp8RvZbb2BW+jA
Vo8ngeQVt7eB8/YL3eG+a/69Fm03Wy+Jz7bLhfKl6JZIhAE0BCFPB+a3FGWwJ05N
kZph708PSC23diMGeLkPH3/CFiB6Ogv96TW7Tv0Al8Q6JfsYP354davpmHY9XrD+
C+JkaSeOPDlR977y7Iy4
=V+Vp
-----END PGP SIGNATURE-----


More information about the Operators mailing list