Hey folks,

the problem still exists (or rather again). Shortly after my initial
email someone decided to turn the redirect to HTTPS off again, but now
it's back, only the certificate chain hasn't been fixed.

OpenSSL gives me:

$ openssl s_client -connect www.sqlite.org:443
CONNECTED(00000003)
write:errno=104

... whereas with other services that have a full certificate chain you
get to see that. E.g. with google.com:

$ openssl s_client -connect www.google.com:443
CONNECTED(00000003)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDgDCCAumgAwIBAgIKMbrKwgABAACPzDANBgkqhkiG9w0BAQUFADBGMQswCQYD

... well, you get my drift.

The reason this works with Firefox is that it has the certificate
chain for GoDaddy built in and is therefore able to "fill in the blanks".

Google Chrome and Internet Explorer use - on Windows that is - the
certificate store which, at least on my Windows 7 installations,
contains the root certificate from GoDaddy.

rekonq on Kubuntu fails:

> The certificate authority's certificate is invalid
> The root certificate authority's certificate is not trusted for this purpose
> The certificate cannot be verified for internal reasons

... just like Opera:

> Secure connection: fatal error (40)
> 
> https://www.sqlite.org/
> 
> Failed to connect to server. The reason may be that the encryption methods 
> supported by the server are not enabled in the security preferences.

... and OpenSSL.

// Oliver

PS: instead of OpenSSL you can also use something like:
https://www.digicert.com/help/ ... result is:

> The certificate is not signed by a trusted authority (checking against 
> Mozilla's root store). If you bought the certificate from a trusted 
> authority, you probably just need to install one or more Intermediate 
> certificates. Contact your certificate provider for assistance doing this for 
> your server platform.

_______________________________________________
sqlite-users mailing list
[email protected]
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
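
As an added example (not part of the original message or of any tool it mentions), this Python code reads the "Certificate chain" block of `openssl s_client` output and reports where path building would stop for a client that holds only a given set of root names. The function names, the `trusted_roots` parameter and the leaf-only sample are assumptions made here; names are compared as plain strings, whereas a real client verifies signatures.

```python
import re

# Constructed sample: the chain block a server prints when it sends only its
# leaf certificate. All names are placeholders.
LEAF_ONLY = """CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=www.example.test
   i:/CN=Example Intermediate CA
---
"""
# Chain block copied from the google.com output quoted in the message.
FULL = """---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
"""

def parse_chain(output):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, in_block, subject = [], False, None
    for line in output.splitlines():
        if line.strip() == "Certificate chain":
            in_block = True
        elif in_block and line.startswith("---"):
            break
        elif in_block and (m := re.match(r"\s*\d+\s+s:(.+)", line)):
            subject = m.group(1).strip()
        elif in_block and subject and (m := re.match(r"\s*i:(.+)", line)):
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def audit_chain(chain, trusted_roots):
    """List reasons a client that holds only trusted_roots cannot build a path."""
    if not chain:
        return ["no certificate chain in the output"]
    problems = [f"cert {n} is not issued by cert {n + 1}"
                for n, (a, b) in enumerate(zip(chain, chain[1:])) if a[1] != b[0]]
    subject, issuer = chain[-1]
    if issuer not in trusted_roots and subject not in trusted_roots:
        problems.append(f"no certificate sent for issuer {issuer}")
    return problems
```

Output that ends before any chain block, such as the `write:errno=104` case above, yields an empty chain and is reported as such rather than as a missing intermediate.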