https://www.ssllabs.com/ssltest/analyze.html?d=savannah.gnu.org
Looks like "USERTrust RSA Certification Authority" root CA cert is missing
from the ca-certificates store of fencepost. Not sure when it was added to
browser's root store, but might be a good idea to send it along with the
entire certificate chain for now. Better yet, update fencepost's
ca-certificates.
Aside from that, it would be nice if savannah's SSL/TLS config was updated
to enable better cipher suite choices and newer protocols. See
https://wiki.mozilla.org/Security/Server_Side_TLS for some examples on how
to do this.
~reed
On Mon, Mar 9, 2015 at 11:46 AM, Ineiev wrote:
> On Mon, Mar 02, 2015 at 10:15:31PM +, Bob Proulx wrote:
> > The https SSL certificates for the Savannah web site have been updated.
>
> It looks like this disabled some of my cron jobs on fencepost.gnu.org;
> it used to wget https://...savannah.gnu.org/...; now it says
> ERROR: cannot verify savannah.gnu.org's certificate, issued by
> `/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2':
> Unable to locally verify the issuer's authority.
>
> Probably I should file a request to sysadmin, or configure
> something in ~/.
>
> Any ideas?
>
>