View previous topic :: View next topic |
Author |
Message |
trosmus n00b
Joined: 01 Apr 2015 Posts: 3 Location: Seattle, WA
|
Posted: Thu Apr 02, 2015 6:52 pm Post subject: ca-certificates-20140927.3.17.2 & secure.authorize.net |
|
|
Ever since the lastest update to ca-certificates, SSL connections to secure.authorize.net
have been failing with "Verification failure: unable to get local issuer certificate".
Any ideas? This has broken a couple of colo websites that use secure.authorize.net
for CC payments. OpenSSL shows...
# openssl s_client -connect secure.authorize.net:443 -CApath /etc/ssl/certs
depth=2 C = US, O = "Entrust, Inc.", OU = www.entrust.net/CPS is incorporated by reference, OU = "(c) 2006 Entrust, Inc.", CN = Entrust Root Certification Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
CONNECTED(00000003)
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/O=Cybersource Corporation/businessCategory=Private Organization/serialNumber=2838921/CN=secure.authorize.net
i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1E
1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1E
i:/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
2 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
i:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgIETCDA3DANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xMzAzMDYxNDU5MzVaFw0xNTA2MDcw
MjE5MDJaMIHaMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG
A1UEBxMNTW91bnRhaW4gVmlldzETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysG
AQQBgjc8AgECEwhEZWxhd2FyZTEgMB4GA1UEChMXQ3liZXJzb3VyY2UgQ29ycG9y
YXRpb24xHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMS0wDgYDVQQFEwcy
ODM4OTIxMBsGA1UEAxMUc2VjdXJlLmF1dGhvcml6ZS5uZXQwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDR/7hYpvE1V+uSi7y4gTRHe5kpgr3dZ4FLErmN
vD39LTToZSeHRhxlHKiEGlN1IbdOVwm3QqdIm7ynu29Lffo4zy/Jh+gVKGRDswYC
nzEZjm1tfbKlAMVpAtW4x5zOegOpzP7966OV6kTwsvA18Hb5NQ3+1tFpJiT9NIhh
VBPjqZlweGFK80yIeUm1DgljFGdutTgYPczZvfpNU2haQ+8TCzvSjvYvQTGhYlvl
FuYAqmA7cI7h8DJ+N3UlW15vbuOEATcAMikFF+uHSZT559kNsSt8NGq3Y+7tHvAp
Hxr3FVKO3xrvZ0L6Ary3C9KvX4e3AXbmhXHXUn5lbX0QCJFzAgMBAAGjggF7MIIB
dzALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGUG
CCsGAQUFBwEBBFkwVzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5u
ZXQwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFlLWNoYWlu
LmNlcjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xl
dmVsMWUuY3JsMEEGA1UdIAQ6MDgwNgYKYIZIAYb6bAoBAjAoMCYGCCsGAQUFBwIB
FhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAfBgNVHREEGDAWghRzZWN1cmUu
YXV0aG9yaXplLm5ldDAfBgNVHSMEGDAWgBRbQYqyxEPBvb/IVEFVneCWrf+5oTAd
BgNVHQ4EFgQUljvDckDuCgRJ5cXqLY/2MKTkgsMwCQYDVR0TBAIwADANBgkqhkiG
9w0BAQUFAAOCAQEAcXvGBPTaw3Ulg7Rz6u5MKdl0o6RtkIsDHwJhTeZYz9OBR8Dq
yvy52arljVTOUt9ZqJdUdfhfc/57Bgix5Zz897c+zVdLy/NVReEzdd4+PVTrL5jy
7RCOzlxUTBg0WJDjM6HmAKkpE4n/4Q81NEdVH5KSoZevK6QSOf443JXuXRWLpiCA
0rwyU6K8cL0ZSEcr5j4h9hJ5zTUGnJFK3gg67BeL6ftxqj+5X7fKV+TDlmH4RfeU
lMpcvN3aHUfogQvA/eXlnN4yOWaSiQBRHq0U8zP/b0VQk0NHp6+O0mFultt4O/kL
ZYsoMpMn3KQd2aYgXuyHIsV6Rz2PlvM7PeQ4Bw==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/O=Cybersource Corporation/businessCategory=Private Organization/serialNumber=2838921/CN=secure.authorize.net
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1E
---
No client certificate CA names sent
---
SSL handshake has read 4060 bytes and written 622 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : RC4-SHA
Session-ID: 6DD2963E50361AB64EA07CCA3A1B540613EB098F7940D2E2788FCFC3D74376A1 Session-ID-ctx:
Master-Key: 1E7CE52A1CCE660E8580D3B8E86FCEC2A233633F69EB1C46FB0F8E01DEFCC53787606FDB7358FCE3457F7A250858C6D4
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1428000589
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
DONE |
|
Back to top |
|
|
Tub n00b
Joined: 08 Feb 2005 Posts: 21
|
Posted: Wed Apr 08, 2015 8:47 am Post subject: |
|
|
I recently noticed similar problems connecting to nic.changeip.com. Downgrading to app-misc/ca-certificates-20130906-r1 did not resolve my issue.
I've tried connecting from several computers with multiple applications to both secure.authorize.net and nic.changeip.com:
* gentoo, openssl on the command line: neither works
* Ubuntu 14.10 LTS, openssl on the command line: neither works
* gentoo, Firefox: authorize.net works, changeip.com doesn't
* Windows, Firefox: authorize.net works, changeip.com doesn't
* gentoo, chromium: both work
* Windows, Chrome: both work
* Windows, IE11: authorize.net works, changeip.com doesn't
So whatever happened, it's not gentoo specific. I'm not entirely sure our problems are related (except for happening within a few days of each other), since the error messages are different.
If changeip.com stopped working, I'd expect thousands of angry voices, yet I have still to find a single report..
Have you found a solution to your problems? _________________ m00 |
|
Back to top |
|
|
trosmus n00b
Joined: 01 Apr 2015 Posts: 3 Location: Seattle, WA
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|