[tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows

Greg Greg at alumni.brown.edu
Thu Jan 5 04:23:15 UTC 2012


I tried to attach a screenshot, but that put my message over the 50KB
needs-approval limit. See my message below (minus the attachment).

2012/1/4 Greg <Greg at alumni.brown.edu>:
> Hi Andrew,
> Thank you for taking a stab at this issue!  I just tried this now, and
> it still doesn't work.  I don't remember precisely what the chain
> looked like, so I can't be sure I'm seeing anything different at all. I
> restarted Chrome (but not Windows).  Both www.torproject.org and
> trac.torproject.org show the same error.
> The chain that I see now is:
> *.torproject.org --> DigiCert High Assurance CA-3 --> DigiCert
> (I've attached a screen shot of this.)
>
> Thanks,
> Greg
>
> 2012/1/4 Andrew Lewman <andrew at torproject.org>:
>> I think this is fixed for www.torproject.org now. Digicert apparently
>> updated their ca chained certs at some point. I've put the updated
>> ca-certs on the www servers. If this works, we can update them on all
>> torproject servers.
>>
>> And for fun, I've attached the gnutls-cli output of the old cert in
>> place and the new cert in place.
>>
>> tl;dr we went from:
>> our cert -> DigiCert High Assurance CA-3
>>
>> to now:
>> cert -> DigiCert High Assurance CA-3 -> DigiCert High Assurance EV Root
>> CA
>>
>> I couldn't replicate the problem in Chromium, FF9, nor whatever version
>> of Android I have on an obsolete phone.

