[gnutls-devel] Name constraint error?
Andreas Metzler
ametzler at bebt.de
Sun Dec 20 16:37:07 CET 2015
On 2015-12-20 Kurt Roeckx <kurt at roeckx.be> wrote:
> Hi,
> When trying to connect to cdn.it.auth.gr I get:
> - Status: The certificate is NOT trusted. The certificate chain violates the signer's constraints.
> However, I can't see anything wrong with it and NSS and OpenSSL
> seem to be accepting it.
[...]
The error happens at the CA->intermed step.
host
Issuer: C=GR,O=Aristotle University of Thessaloniki,CN=Aristotle University of Thessaloniki Central CA R5
Subject: C=GR,O=Aristotle University of Thessaloniki,OU=IT Center,CN=cdn.it.auth.gr
intermed CA
Issuer: C=GR,O=Hellenic Academic and Research Institutions Cert. Authority,CN=Hellenic Academic and Research Institutions RootCA 2011
Subject: C=GR,O=Aristotle University of Thessaloniki,CN=Aristotle University of Thessaloniki Central CA R5
root CA
Issuer: C=GR,O=Hellenic Academic and Research Institutions Cert. Authority,CN=Hellenic Academic and Research Institutions RootCA 2011
Subject: C=GR,O=Hellenic Academic and Research Institutions Cert. Authority,CN=Hellenic Academic and Research Institutions RootCA 2011
Name Constraints (not critical):
Permitted:
DNSname: .gr
DNSname: .eu
DNSname: .edu
DNSname: .org
RFC822Name: .gr
RFC822Name: .eu
RFC822Name: .edu
RFC822Name: .org
I suspect that the Name Constraints might cause the error.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Gnutls-devel
mailing list