[tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows

Pascal Pascal666 at Users.SourceForge.Net
Wed Jan 4 20:30:14 UTC 2012


Running www.digicert.com through that tool shows the 2nd intermediate 
certificate that needs to be included.

-Pascal


On 1/4/2012 2:21 PM, Pascal wrote:
> The tool at http://www.digicert.com/help/ does a good job of showing
> what is going on with a web site's certs. Traditionally a website is
> expected to send its own server cert and all intermediate certs, but not
> the root cert. You can run www.google.com through that tool to see how
> this looks. Running freenet.us.to through that tool shows how a site
> including the root cert looks. Running www.torproject.org through there
> shows that there are actually 2 intermediate certs required for the
> server cert used, but only 1 of them is being included.
>
> -Pascal
>
>
> On 1/4/2012 2:10 PM, Ondrej Mikle wrote:
>> 2. Since www.torproject.org does not send DigiCert root CA cert in
>> handshake, each browser builds yet another chain to root.
>>
>> Though it might be helpful if www.torproject.org sent whole chain (up to
>> Digicert root).
>>
>> Ondrej
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>


More information about the tor-talk mailing list