[OSM-talk-be] JOSM Remote control
Glenn Plas
glenn at byte-consult.be
Fri Feb 27 08:20:53 UTC 2015
On 26-02-15 20:52, Marc Gemis wrote:
> Somewhere last weekend a new certificate was installed on osm.org
> <http://osm.org>. It's some kind of weird certificate (don't know the
> details, but it was discussed on the josm-dev mailing list), since it is
> signed by startssl.
StartSSL is a free certificate provider, and most probably firefox
doesn't have the intermediate certificate chain on board which means it
cannot verify.
That is probably the reason, although I do not see startSSL as the
certificate writer, I see rapidSSL instead. startSSL is not really a
great one to use actually for a site like this.
Apple products have the same problem with the latest GoDaddy certificates.
https://www.sslshopper.com/cheapest-ssl-certificates.html
You might want to try this in firefox:
https://www.sslshopper.com/ssl-checker.html#hostname=https://www.openstreetmap.org
And see if it gives you a chain error or not. It will work in chrome,
but it depends on the browser.
If you don't get the all-green in firefox, you just need to assemble a
chain file with the missing intermediate certificates so the browser can
validate.
Note, this heavily depends on firefox (/browser) version, I see in my FF
that it loads the intermediates fine:
Common name: RapidSSL CA
Organization: GeoTrust, Inc.
Location: US
Valid from February 19, 2010 to February 18, 2020
Serial Number: 145105 (0x236d1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: GeoTrust Global CA
Common name: GeoTrust Global CA
Organization: GeoTrust Inc.
Location: US
Valid from May 20, 2002 to August 20, 2018
Serial Number: 1227750 (0x12bbe6)
Signature Algorithm: sha1WithRSAEncryption
Issuer: Equifax
Glenn
More information about the Talk-be
mailing list