When browsing to https://forums.freebsd.org/ on certain browsers / platforms the Intermediate Certificate Authorities cannot be verified. This varies between browsers and platform the website is being viewed from. E.G. - On FreeBSD v10.1-p9 (using latest Midori and NSS), the signing certificate authority is not known (can't view), - On Android (4.4.2) I get NET::ERR_CERT_AUTHORITY_INVALID, (proceeds with error) and - On MS Windows (with recent updates applied) the keychain is seen as valid. See output from here: https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org&hideResults=on Also from SSLyze: * Certificate - Trust: Hostname Validation: OK - Subject Alternative Name matches "Mozilla NSS - 08/2014" CA Store: FAILED - Certificate is NOT Trusted: unable to get local issuer certificate "Microsoft - 08/2014" CA Store: FAILED - Certificate is NOT Trusted: unable to get local issuer certificate "Apple - OS X 10.9.4" CA Store: FAILED - Certificate is NOT Trusted: unable to get local issuer certificate "Java 6 - Update 65" CA Store: FAILED - Certificate is NOT Trusted: unable to get local issuer certificate Certificate Chain Received: ['forums.freebsd.org', 'Gandi Standard SSL CA'] (Thanks to Winfried Neessen for the above SSLyze output) This is potentially due to a known issue with Gandi SSL services, see here: http://wiki.gandi.net/en/ssl/intermediate As of right now, I cannot browse to https://forums.freebsd.org/ from a FreeBSD platform. Kr, James.
Thanks for reporting, I will check into this right now!
(In reply to Brad Davis from comment #1) Thanks!
Ok, I have upgraded the intermediate cert. SSLLabs shows it is better, but please test again.
Thanks for doing this - it seems OK now!! Have tested on: - FreeBSD v10.1-p9 with latest midori and nss root CA ports and works OK. - Android v4.4.2 with latest Google Chrome and works OK. (Latest as of 16:32 today)