Red Hat Bugzilla – Bug 1007473
Can't verify certificate for "keys.fedoraproject.org"
Last modified: 2013-09-14 06:15:04 EDT
Description of problem:
Can't verify certificate for "keys.fedoraproject.org".
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Use wget or curl to download https://keys.fedoraproject.org/.
# wget https://keys.fedoraproject.org/
--2013-09-12 18:34:15-- https://keys.fedoraproject.org/
Resolving keys.fedoraproject.org (keys.fedoraproject.org)... 220.127.116.11
Connecting to keys.fedoraproject.org (keys.fedoraproject.org)|18.104.22.168|:443... connected.
ERROR: cannot verify keys.fedoraproject.org's certificate, issued by '/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA':
Unable to locally verify the issuer's authority.
To connect to keys.fedoraproject.org insecurely, use `--no-check-certificate'.
Successful verification of certificate for "keys.fedoraproject.org".
The admin of that server must update the server configuration and:
"install the intermediate CA certificate"
Using this command it can be shown that the server sends the server cert, only, but doesn't send the intermediate CA cert that would be required to build a chain to the root CA cert.
openssl s_client -showcerts -connect keys.fedoraproject.org:443
Thanks for your quick response.