[ET Trac] [Einstein Toolkit] #1061: Certificate failure

Tue Oct 16 12:09:18 CDT 2012

#1061: Certificate failure
--------------------------------------+-------------------------------------
  Reporter:  eschnett                 |       Owner:          
      Type:  defect                   |      Status:  reopened
  Priority:  minor                    |   Milestone:          
 Component:  EinsteinToolkit website  |     Version:          
Resolution:                           |    Keywords:          
--------------------------------------+-------------------------------------
Changes (by rhaas):

  * priority:  major => minor
  * resolution:  invalid =>
  * status:  closed => reopened
  * component:  EinsteinToolkit thorn => EinsteinToolkit website

Comment:

 This is partially happening again. Now Firefox is happy with the
 certificate for trac.einsteintoolkit.org but eg. wget is not happy with it

 {{{
 rhaas at horizon:.../EinsteinEOS/EOS_Omni$ wget
 https://trac.einsteintoolkit.org/raw-
 attachment/ticket/1070/EOS_Omni_Module.F90.diff
 --2012-10-16 10:01:49--  https://trac.einsteintoolkit.org/raw-
 attachment/ticket/1070/EOS_Omni_Module.F90.diff
 Resolving trac.einsteintoolkit.org (trac.einsteintoolkit.org)...
 130.39.21.34
 Connecting to trac.einsteintoolkit.org
 (trac.einsteintoolkit.org)|130.39.21.34|:443... connected.
 ERROR: The certificate of `trac.einsteintoolkit.org' is not trusted.
 ERROR: The certificate of `trac.einsteintoolkit.org' hasn't got a known
 issuer.
 }}}

 with curl the error is:

 {{{
 rhaas at horizon:.../EinsteinEOS/EOS_Omni$ curl
 https://trac.einsteintoolkit.org/raw-
 attachment/ticket/1070/EOS_Omni_Module.F90.diff
 curl: (60) SSL certificate problem: unable to get local issuer certificate
 More details here: http://curl.haxx.se/docs/sslcerts.html

 curl performs SSL certificate verification by default, using a "bundle"
  of Certificate Authority (CA) public keys (CA certs). If the default
  bundle file isn't adequate, you can specify an alternate file
  using the --cacert option.
 If this HTTPS server uses a certificate signed by a CA represented in
  the bundle, the certificate verification probably failed due to a
  problem with the certificate (it might be expired, or the name might
  not match the domain name in the URL).
 If you'd like to turn off curl's verification of the certificate, use
  the -k (or --insecure) option.
 }}}

-- 
Ticket URL: <https://trac.einsteintoolkit.org/ticket/1061#comment:4>
Einstein Toolkit <http://einsteintoolkit.org>
The Einstein Toolkit