Uploaded image for project: 'Qt Project Website'
  1. Qt Project Website
  2. QTWEBSITE-410

qt-project.org on 87.238.53.172 is not transmitting the required intermediate certificates for ssl

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Not Evaluated
    • None
    • None
    • qt-project.org
    • None
    • This can be seen in a fresh firefox install (before it builds up a cache of intermediate certificates from other sites). It should also be reproducable using QSslSocket.

    Description

      Attempting to connect to the site using a fresh firefox install or QSslSocket will give an error indicating an untrusted issuer. This is due to the intermediate certificates between the site's leaf certificate and the trusted root not being transmitted. In openssl this generally shows up as X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY.

      To address this the intermediate certificate referenced by the Authority Information Access, CA Issuers field at
      http://gtssl-aia.geotrust.com/gtssl.crt should be added to the configuration using the SSLCertificateChainFile directive to mod_ssl. See http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslcertificatechainfile for details.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            richmoore Richard Moore (qtnetwork)
            richmoore Richard Moore (qtnetwork)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes