"Certum Domain Validation CA SHA2" is an intermediate cert that chains
up to the "Certum Trusted Network CA" root cert that is included in NSS.
NSS includes root certs / trust anchors (so not usually intermediate
certs).
Websites are expected to serve up the intermediate cert(s) along with
their TLS cert. The site https://lk.peterburgregiongaz.ru/ is only
serving up the TLS cert.
Other than that, I do not see any problem with the TLS cert:
https://crt.sh/?id=655675810
And the intermediate cert looks fine too -- just needs to be served up
by the webserver.
https://crt.sh/?id=5623969
Hope that helps.
Kathleen
On 1/28/19 1:15 AM, basini...@gmail.com wrote:
Hi.
On various Linux distros I'm unable to access a certain site secured with "Certum
Domain Validation CA SHA2". In particular, on Archlinux the trusted bundle comes
from:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_41_1_RTM/src/nss-3.41.1.tar.gz
and it does not contain this. Chrome on Ubuntu works, but Firefox and command
line tools fail.
Is it missing by mistake or for a reason?
wget https://lk.peterburgregiongaz.ru
--2019-01-28 12:00:44-- https://lk.peterburgregiongaz.ru/
Resolving lk.peterburgregiongaz.ru (lk.peterburgregiongaz.ru)...
109.120.162.59
Connecting to lk.peterburgregiongaz.ru
(lk.peterburgregiongaz.ru)|109.120.162.59|:443... connected.
ERROR: cannot verify lk.peterburgregiongaz.ru's certificate, issued by
‘CN=Certum Domain Validation CA SHA2,OU=Certum Certification
Authority,O=Unizeto Technologies S.A.,C=PL’:
Unable to locally verify the issuer's authority.
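The failure discussed in this thread can be reproduced offline with a constructed root, intermediate and leaf. This is an added example, not part of the original messages: all certificate names, file names and the `make_pki`/`verify_served` helpers are made up here, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed three-tier PKI; all names are made up for this example.

# make_pki DIR: create root.pem, inter.pem, leaf.pem and fullchain.pem in DIR.
make_pki() (
    set -e
    cd "$1"
    # Minimal config: "ca" marks a cert as an issuer, "leaf" as an end-entity.
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:site.example
EOF
    # Root (self-signed): the only cert the client's trust store will hold.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config pki.cnf \
        -extensions ca -subj "/CN=Constructed Root CA" \
        -keyout root.key -out root.pem 2>/dev/null
    # issue NAME SUBJECT SIGNER SECTION: CSR for NAME, signed by SIGNER.
    issue() {
        openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
            -subj "$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
        openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
            -CAcreateserial -days 2 -extfile pki.cnf -extensions "$4" \
            -out "$1.pem" 2>/dev/null
    }
    issue inter "/CN=Constructed Intermediate CA" root ca
    issue leaf "/CN=site.example" inter leaf
    # What a correctly configured server sends: leaf first, then intermediate.
    cat leaf.pem inter.pem > fullchain.pem
)

# verify_served ROOT BUNDLE: validate the first cert in BUNDLE against ROOT,
# using any further certs in BUNDLE as untrusted chain-building material.
verify_served() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2"
}

work=$(mktemp -d)
make_pki "$work"
verify_served "$work/root.pem" "$work/leaf.pem" ||
    echo "leaf only: issuer cannot be found, the failure wget reported"
verify_served "$work/root.pem" "$work/fullchain.pem" &&
    echo "leaf + intermediate: chain builds to the trusted root"
```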