Description of problem: Can't verify certificate for "keys.fedoraproject.org". Version-Release number of selected component (if applicable): ca-certificates-2013.1.94-1.fc19.noarch How reproducible: Always. Steps to Reproduce: Use wget or curl to download https://keys.fedoraproject.org/. Actual results: # wget https://keys.fedoraproject.org/ --2013-09-12 18:34:15-- https://keys.fedoraproject.org/ Resolving keys.fedoraproject.org (keys.fedoraproject.org)... 80.239.156.219 Connecting to keys.fedoraproject.org (keys.fedoraproject.org)|80.239.156.219|:443... connected. ERROR: cannot verify keys.fedoraproject.org's certificate, issued by '/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA': Unable to locally verify the issuer's authority. To connect to keys.fedoraproject.org insecurely, use `--no-check-certificate'. Expected results: Successful verification of certificate for "keys.fedoraproject.org".
The admin of that server must update the server configuration and: "install the intermediate CA certificate" Using this command it can be shown that the server sends the server cert, only, but doesn't send the intermediate CA cert that would be required to build a chain to the root CA cert. openssl s_client -showcerts -connect keys.fedoraproject.org:443
Thanks for your quick response. Redirected to: https://fedorahosted.org/fedora-infrastructure/ticket/4004