Bug 1007473 - Can't verify certificate for "keys.fedoraproject.org"
Can't verify certificate for "keys.fedoraproject.org"
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: ca-certificates (Show other bugs)
19
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Kai Engert (:kaie)
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-12 10:39 EDT by Vladislav Grigoryev
Modified: 2013-09-14 06:15 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-09-14 06:15:04 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vladislav Grigoryev 2013-09-12 10:39:51 EDT
Description of problem:
Can't verify certificate for "keys.fedoraproject.org".

Version-Release number of selected component (if applicable):
ca-certificates-2013.1.94-1.fc19.noarch

How reproducible:
Always.

Steps to Reproduce:
Use wget or curl to download https://keys.fedoraproject.org/.

Actual results:
# wget https://keys.fedoraproject.org/
--2013-09-12 18:34:15--  https://keys.fedoraproject.org/
Resolving keys.fedoraproject.org (keys.fedoraproject.org)... 80.239.156.219
Connecting to keys.fedoraproject.org (keys.fedoraproject.org)|80.239.156.219|:443... connected.
ERROR: cannot verify keys.fedoraproject.org's certificate, issued by '/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA':
  Unable to locally verify the issuer's authority.
To connect to keys.fedoraproject.org insecurely, use `--no-check-certificate'.

Expected results:
Successful verification of certificate for "keys.fedoraproject.org".
Comment 1 Kai Engert (:kaie) 2013-09-12 15:00:03 EDT
The admin of that server must update the server configuration and:
  "install the intermediate CA certificate"

Using this command it can be shown that the server sends the server cert, only, but doesn't send the intermediate CA cert that would be required to build a chain to the root CA cert.
   openssl s_client -showcerts -connect keys.fedoraproject.org:443
Comment 2 Vladislav Grigoryev 2013-09-14 06:15:04 EDT
Thanks for your quick response.
Redirected to:
https://fedorahosted.org/fedora-infrastructure/ticket/4004

Note You need to log in before you can comment on or make changes to this bug.