[ET Trac] [Einstein Toolkit] #1061: Certificate failure
Einstein Toolkit
trac-noreply at einsteintoolkit.org
Wed Oct 17 09:27:13 CDT 2012
#1061: Certificate failure
--------------------------------------+-------------------------------------
Reporter: eschnett | Owner:
Type: defect | Status: reopened
Priority: minor | Milestone:
Component: EinsteinToolkit website | Version:
Resolution: | Keywords:
--------------------------------------+-------------------------------------
Comment (by knarf):
As said before, the question of a certificate being trusted is on the
client side, not the server. We cannot do something if a client (e.g. OS
vendor) decides to use an old list of 'trusted root certificates' or
simply doesn't list some there. The certificate of svn.einsteintoolkit.org
is valid. See e.g.
http://www.sslshopper.com/ssl-
checker.html#hostname=https://trac.einsteintoolkit.org/wiki
The question really boils down to whether your system trusts the "AddTrust
External CA Root" certificate by default or not.
Note that you saw a change in behavior because the certificate for trac
was renewed (the old was expired) and LSU chose to sign it using "InCommon
Server CA" which is signed by "AddTrust External CA Root". The old was
signed by "Louisiana State University Issuing CA 1" which is signed by a
different root: "GTE CyberTrust Global Root", but since "Louisiana State
University Issuing CA 1" also expires Aug next year there wouldn't have
been much use in choosing that.
--
Ticket URL: <https://trac.einsteintoolkit.org/ticket/1061#comment:5>
Einstein Toolkit <http://einsteintoolkit.org>
The Einstein Toolkit
More information about the Trac
mailing list