Am 08.07.2017 um 23:10 schrieb Heiko Schlittermann:
As it seem, Pigeonhole sends you the full cert chain:
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
- subject `C=DE,ST=Baden-Wuerttemberg,L=Ettlingen,O=NOVA Elektroanlagen
…
- Certificate[2] info:
- subject `C=DE,ST=Baden-Wuerttemberg,L=Ettlingen,O=NOVA Elektroanlagen
GmbH,OU=NOVA Root CA,CN=NOVA Root CA', issuer
The last one being the CA used.
SHA-1 fingerprint `95326e3ff12683cc40a85874d562d0a6f15dcb37'
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Err
It is wrong to send the root CA along with the intermediate and server
certificates. The root CA cert must be in the CA trust bundle of the client.
Alexander
