Re: Console downloaders give *The certificate of ‘www.alsa-project.org’ hasn't got a known issuer.*

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear Jaroslav,


On 12/19/18 16:01, Paul Menzel wrote:

> On 12/18/18 19:18, Jaroslav Kysela wrote:
>> Dne 18.12.2018 v 18:30 Paul Menzel napsal(a):
>>> [Please CC, as I am not subscribed.]
> 
>>> Despite working in the browser (Mozilla Firefox), GNU Wget and curl give
>>> the error below trying to download the script `alsa-info.sh`.
>>>
>>>     $ wget https://www.alsa-project.org/alsa-info.sh
>>>     --2018-12-18 17:27:57--  https://www.alsa-project.org/alsa-info.sh
>>>     Resolving www.alsa-project.org (www.alsa-project.org)... 77.48.224.243
>>>     Connecting to www.alsa-project.org (www.alsa-project.org)|77.48.224.243|:443... connected.
>>>     ERROR: The certificate of ‘www.alsa-project.org’ is not trusted.
>>>     ERROR: The certificate of ‘www.alsa-project.org’ hasn't got a known issuer.
> 
>> We use Let's Encrypt (https://letsencrypt.org) certificates based on the
>> domain verification. It appears that your system CA certificate package
>> is missing the current CA key:
>>
>> issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
>>
>> You can find this CA certificate here:
>>
>> https://letsencrypt.org/certificates/
>>
>> The browsers are using own CA certificate database, and the Let's
>> Encrypt CA certificate is regularly updated there.
> 
> I believe, you need to add that certificate to the chain. The online
> SSL test also fails and complains about incomplete certificate
> chain [1].
> 
>> This server's certificate chain is incomplete. Grade capped to B.
> 
> Here is what the test with `openssl` shows.
> 
> ```
> $ openssl s_client -connect www.alsa-project.org:443
> CONNECTED(00000003)
> depth=0 CN = alsa-project.org
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 CN = alsa-project.org
> verify error:num=21:unable to verify the first certificate
> verify return:1
> ---
> Certificate chain
>  0 s:CN = alsa-project.org
>    i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> ---
> […]
> ```
> 
> Does that work on your system?

It does not work for me with the certificates downloaded from [2],
which should use the Mozilla database, and with Debian Stretch/stable.


Kind regards,

Paul


> [1]: https://www.ssllabs.com/ssltest/analyze.html?d=www.alsa-project.org

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel

[Index of Archives]     [ALSA User]     [Linux Audio Users]     [Pulse Audio]     [Kernel Archive]     [Asterisk PBX]     [Photo Sharing]     [Linux Sound]     [Video 4 Linux]     [Gimp]     [Yosemite News]

  Powered by Linux