[gnutls-devel] GnuTLS | GnuTLS 3.6.4 based Gnome Web TLS error on site that Firefox does not complain about (#625)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Nov 23 17:59:12 CET 2018

That is a matter if the issuer's CA cert is in your system trust store. E.g. in Debian (unstable) it is not available. You can download the CA cert from Comodo and install it locally. Firefox comes with it's own list of CA certs, while GnuTLS uses the certs/store configured by the application (Gnome Web).

Chech here on Debian unstable:
$ gnutls-cli www.everymancork.com
Processed 133 CA certificate(s).
Resolving 'www.everymancork.com:443'...
Connecting to ''...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `CN=www.everymancork.com,OU=COMODO SSL,OU=Hosted by iPLANiT Ltd.,OU=Domain Control Validated', issuer `CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial 0x06c9f1402a16b25ced3c5c143a3deec7, RSA key 2048 bits, signed using RSA-SHA256, activated `2018-08-03 00:00:00 UTC', expires `2019-08-03 23:59:59 UTC', pin-sha256="0LqTpsw0MIz8uTX/15sP2Y48kxyZR9X9nbBy23HQREA="
        Public Key ID:
        Public Key PIN:

- Status: The certificate is NOT trusted. The certificate issuer is unknown. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/625#note_119690206
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181123/b2f37862/attachment.html>

More information about the Gnutls-devel mailing list