[tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
Pascal
Pascal666 at Users.SourceForge.Net
Wed Jan 4 20:21:33 UTC 2012
The tool at http://www.digicert.com/help/ does a good job of showing
what is going on with a web site's certs. Traditionally a website is
expected to send its own server cert and all intermediate certs, but not
the root cert. You can run www.google.com through that tool to see how
this looks. Running freenet.us.to through that tool shows how a site
including the root cert looks. Running www.torproject.org through there
shows that there are actually 2 intermediate certs required for the
server cert used, but only 1 of them is being included.
-Pascal
On 1/4/2012 2:10 PM, Ondrej Mikle wrote:
> 2. Since www.torproject.org does not send DigiCert root CA cert in
> handshake, each browser builds yet another chain to root.
>
> Though it might be helpful if www.torproject.org sent whole chain (up to
> Digicert root).
>
> Ondrej
More information about the tor-talk
mailing list