jabber.org cert signed by "unknown authority"
Peter Saint-Andre
stpeter at stpeter.im
Tue Nov 10 22:17:16 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/11/09 5:27 AM, Peter Saint-Andre wrote:
> On 11/10/09 10:55 PM, Zachary West wrote:
>> Is the certificate chain missing a link to the root, or is its root CA
>> suddenly untrusted on Snow Leopard?
>
> I'm looking into this with folks from StartCom. There have, over time,
> been two StartCom roots. Certificates issued by the XMPP ICA (which is
> no longer issuing certificates, because now they are being issued
> directly by StartCom) were issued under the old root. So it seems to me
> that perhaps Apple removed the old root from their cert store before all
> the certificates issued under that root had expired. I'll follow up with
> StartCom about this and report back.
Further research indicates that this is a problem only on Snow Leopard
(I just installed the latest security update on Leopard and the old root
is still in the keychain).
Could someone do me a favor and look in their keychain on Snow Leopard
to verify that a root for "Free SSL Certification Authority" is or is
not in the system roots? (Click to inspect the cert and it will mention
StartCom -- the old root expires on March 11, 2035.)
Thanks!
Peter
- --
Peter Saint-Andre
https://stpeter.im/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkr55mwACgkQNL8k5A2w/vzb+gCfdmHbCrTS2Ukn/gJD4sCc3UgR
aO8An1/8lEKP5JUOB/EpgiG9DO0SPvQP
=KZuZ
-----END PGP SIGNATURE-----
More information about the devel
mailing list