[tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows

Pascal Pascal666 at Users.SourceForge.Net
Wed Jan 4 20:21:33 UTC 2012


The tool at http://www.digicert.com/help/ does a good job of showing 
what is going on with a web site's certs.  Traditionally a website is 
expected to send its own server cert and all intermediate certs, but not 
the root cert.  You can run www.google.com through that tool to see how 
this looks.  Running freenet.us.to through that tool shows how a site 
including the root cert looks.  Running www.torproject.org through there 
shows that there are actually 2 intermediate certs required for the 
server cert used, but only 1 of them is being included.

-Pascal


On 1/4/2012 2:10 PM, Ondrej Mikle wrote:
> 2. Since www.torproject.org does not send DigiCert root CA cert in
> handshake, each browser builds yet another chain to root.
>
> Though it might be helpful if www.torproject.org sent whole chain (up to
> Digicert root).
>
> Ondrej


More information about the tor-talk mailing list