<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<div>
<p dir="auto">That is a matter if the issuer's CA cert is in your system trust store. E.g. in Debian (unstable) it is not available. You can download the CA cert from Comodo and install it locally. Firefox comes with it's own list of CA certs, while GnuTLS uses the certs/store configured by the application (Gnome Web).</p>
<p dir="auto">Chech here on Debian unstable:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ gnutls-cli www.everymancork.com</span>
<span id="LC2" class="line" lang="plaintext">Processed 133 CA certificate(s).</span>
<span id="LC3" class="line" lang="plaintext">Resolving 'www.everymancork.com:443'...</span>
<span id="LC4" class="line" lang="plaintext">Connecting to '81.17.255.246:443'...</span>
<span id="LC5" class="line" lang="plaintext">- Certificate type: X.509</span>
<span id="LC6" class="line" lang="plaintext">- Got a certificate list of 1 certificates.</span>
<span id="LC7" class="line" lang="plaintext">- Certificate[0] info:</span>
<span id="LC8" class="line" lang="plaintext"> - subject `CN=www.everymancork.com,OU=COMODO SSL,OU=Hosted by iPLANiT Ltd.,OU=Domain Control Validated', issuer `CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial 0x06c9f1402a16b25ced3c5c143a3deec7, RSA key 2048 bits, signed using RSA-SHA256, activated `2018-08-03 00:00:00 UTC', expires `2019-08-03 23:59:59 UTC', pin-sha256="0LqTpsw0MIz8uTX/15sP2Y48kxyZR9X9nbBy23HQREA="</span>
<span id="LC9" class="line" lang="plaintext"> Public Key ID:</span>
<span id="LC10" class="line" lang="plaintext"> sha1:e836d9a0340612aad35ea7fccf071a12aa3744c7</span>
<span id="LC11" class="line" lang="plaintext"> sha256:d0ba93a6cc34308cfcb935ffd79b0fd98e3c931c9947d5fd9db072db71d04440</span>
<span id="LC12" class="line" lang="plaintext"> Public Key PIN:</span>
<span id="LC13" class="line" lang="plaintext"> pin-sha256:0LqTpsw0MIz8uTX/15sP2Y48kxyZR9X9nbBy23HQREA=</span>
<span id="LC14" class="line" lang="plaintext"></span>
<span id="LC15" class="line" lang="plaintext">- Status: The certificate is NOT trusted. The certificate issuer is unknown. </span>
<span id="LC16" class="line" lang="plaintext">*** PKI verification of server certificate failed...</span>
<span id="LC17" class="line" lang="plaintext">*** Fatal error: Error in the certificate.</span></code></pre>
</div>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/625#note_119690206">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/049a63d33e1a6a129c5c9104778228a3/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/625#note_119690206"}}</script>
</p>
</div>
</body>
</html>