[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#758698: security-tracker: Valid, trusted Certificates Fail Validation

Package: security-tracker
Severity: normal

A number of jabber client programs, like gajim, mcabber, pidgin, psi report a GoDaddy signed certificate as 'Certificate cannot be trusted' or 'Certificate cannot be verified'. This used to work fine, I had no issues previously and I do not really know when it started, some weeks ago gajim started to complain.
In gajim, when I click 'View Cert' I get the following information:

Issued to:
Common Name (CN): jabber.redwood.com
Organization (O): None
Organizationl Unit (OU): Domain Control Validated
Serial Number: 12151355787224957

Issued by:
Common Name (CN): Go Daddy Secure Certificate Authority - G2
Organization (O): GoDaddy.com, Inc.
Organizationl Unit (OU): http://certs.godaddy.com/repository/

Issued on: 20140715065303Z
Expires on: 20150715065303Z

SHA1 Fingerprint: D4:79:32:73:36:15:97:F0:06:7F:22:55:25:C0:16:37:88:E8:68:2B

Now, I do not understand why these programs cannot verify this certificate other than the goDaddy certificates in /usr/share/ca-certificates/mozilla/ for GoDaddy have a different Common Name:

Go Daddy Root Certificate Authority - G2
Go Daddy Secure Certificate Authority - G2

I am not sure what the problem is, here, my browser (Firefox 31.0) accepts this certificate authority. 
Since it is not limited to gajim, I think it is an issue in debian.


HP, happy Debian user since 2002

-- System Information:
Debian Release: 7.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash



Tech Writer

RunMyJobs: Process Automation in the Cloud

This message may contain confidential or legally privileged information. In the event of any error in transmission, unauthorized recipients are requested to contact the sender immediately and do not disclose or make use of this information. No warranties or
 assurances are made or given as to the accuracy of the information given or in relation to the safety of this e-mail and any attachments. No liability whatsoever is accepted for any consequences arising from this e-mail.

If I don't document something, it's usually either for a good reason,
or a bad reason.  In this case it's [certainly for] 
a good reason.  :-)

Larry Wal

Reply to: