Thread: Commitfest website certificate
I am seeing an error connecting to:

https://commitfest.postgresql.org/

Firefox is saying:

This Connection is Untrusted

You have asked Firefox to connect securely to commitfest.postgresql.org,
but we can't confirm that your connection is secure.
_
It started happening when I removed my Firefox preferences directory.
Is this normal? Does this site need an exception?

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +

On Wed, Apr 18, 2012 at 19:30, Bruce Momjian <bruce@momjian.us> wrote:
> I am seeing an error connecting to:
>
> https://commitfest.postgresql.org/
>
> Firefox is saying:
>
> This Connection is Untrusted
>
> You have asked Firefox to connect securely to commitfest.postgresql.org,
> but we can't confirm that your connection is secure.
> _
> It started happening when I removed my Firefox preferences directory.
> Is this normal? Does this site need an exception?

It should not. Maybe someone is hacking your connection ;)

It should be running with the same certificate as e.g.
www.postgresql.org, which is a wildcard cert for *.postgresql.org
valid until 2016. sha-256 fingerprint is:
5D 19 8E 15 76 4F F4 0E 3E B0 0E B0 F4 2D 12 1B 93 CB 28 32 4D 39 5E
8B DB 47 3D 2A 1B E9 54 35

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

On Wed, Apr 18, 2012 at 07:34:49PM +0200, Magnus Hagander wrote:
> On Wed, Apr 18, 2012 at 19:30, Bruce Momjian <bruce@momjian.us> wrote:
> > I am seeing an error connecting to:
> >
> > https://commitfest.postgresql.org/
> >
> > Firefox is saying:
> >
> > This Connection is Untrusted
> >
> > You have asked Firefox to connect securely to commitfest.postgresql.org,
> > but we can't confirm that your connection is secure.
> > _
> > It started happening when I removed my Firefox preferences directory.
> > Is this normal? Does this site need an exception?
>
> It should not. Maybe someone is hacking your connection ;)
>
> It should be running with the same certificate as e.g.
> www.postgresql.org, which is a wildcard cert for *.postgresql.org
> valid until 2016. sha-256 fingerprint is:
> 5D 19 8E 15 76 4F F4 0E 3E B0 0E B0 F4 2D 12 1B 93 CB 28 32 4D 39 5E
> 8B DB 47 3D 2A 1B E9 54 35

Well, though I am not home, I have seen this failure from two different
wireless networks. Here are the technical details:

Technical Details
commitfest.postgresql.org uses an invalid security certificate.

The certificate is not trusted because no issuer chain was provided.

(Error code: sec_error_unknown_issuer)

This is with Firefox 11 on Ubuntu. Does this help?

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +

On 04/18/2012 07:39 PM, Bruce Momjian wrote:
> On Wed, Apr 18, 2012 at 07:34:49PM +0200, Magnus Hagander wrote:
>> On Wed, Apr 18, 2012 at 19:30, Bruce Momjian <bruce@momjian.us> wrote:
>>> I am seeing an error connecting to:
>>>
>>> https://commitfest.postgresql.org/
>>>
>>> Firefox is saying:
>>>
>>> This Connection is Untrusted
>>>
>>> You have asked Firefox to connect securely to commitfest.postgresql.org,
>>> but we can't confirm that your connection is secure.
>>> _
>>> It started happening when I removed my Firefox preferences directory.
>>> Is this normal? Does this site need an exception?
>>
>> It should not. Maybe someone is hacking your connection ;)
>>
>> It should be running with the same certificate as e.g.
>> www.postgresql.org, which is a wildcard cert for *.postgresql.org
>> valid until 2016. sha-256 fingerprint is:
>> 5D 19 8E 15 76 4F F4 0E 3E B0 0E B0 F4 2D 12 1B 93 CB 28 32 4D 39 5E
>> 8B DB 47 3D 2A 1B E9 54 35
>
> Well, though I am not home, I have seen this failure from two different
> wireless networks. Here are the technical details:
>
> Technical Details
> commitfest.postgresql.org uses an invalid security certificate.
>
> The certificate is not trusted because no issuer chain was provided.
>
> (Error code: sec_error_unknown_issuer)
>
> This is with Firefox 11 on Ubuntu. Does this help?

Just to test a theory - do you get the same error if you connect to
https://meldrar.postgresql.org?

Stefan

On Wed, Apr 18, 2012 at 07:49:08PM +0200, Stefan Kaltenbrunner wrote:
> On 04/18/2012 07:39 PM, Bruce Momjian wrote:
> > On Wed, Apr 18, 2012 at 07:34:49PM +0200, Magnus Hagander wrote:
> >> On Wed, Apr 18, 2012 at 19:30, Bruce Momjian <bruce@momjian.us> wrote:
> >>> I am seeing an error connecting to:
> >>>
> >>> https://commitfest.postgresql.org/
> >>>
> >>> Firefox is saying:
> >>>
> >>> This Connection is Untrusted
> >>>
> >>> You have asked Firefox to connect securely to commitfest.postgresql.org,
> >>> but we can't confirm that your connection is secure.
> >>> _
> >>> It started happening when I removed my Firefox preferences directory.
> >>> Is this normal? Does this site need an exception?
> >>
> >> It should not. Maybe someone is hacking your connection ;)
> >>
> >> It should be running with the same certificate as e.g.
> >> www.postgresql.org, which is a wildcard cert for *.postgresql.org
> >> valid until 2016. sha-256 fingerprint is:
> >> 5D 19 8E 15 76 4F F4 0E 3E B0 0E B0 F4 2D 12 1B 93 CB 28 32 4D 39 5E
> >> 8B DB 47 3D 2A 1B E9 54 35
> >
> > Well, though I am not home, I have seen this failure from two different
> > wireless networks. Here are the technical details:
> >
> > Technical Details
> > commitfest.postgresql.org uses an invalid security certificate.
> >
> > The certificate is not trusted because no issuer chain was provided.
> >
> > (Error code: sec_error_unknown_issuer)
> >
> > This is with Firefox 11 on Ubuntu. Does this help?
>
> Just to test a theory - do you get the same error if you connect to
> https://meldrar.postgresql.org?

Yes. Technical details are the same too:

Technical Details
meldrar.postgresql.org uses an invalid security certificate.

The certificate is not trusted because no issuer chain was provided.

(Error code: sec_error_unknown_issuer)

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +

On Wed, Apr 18, 2012 at 01:52:27PM -0400, Bruce Momjian wrote:
> > Just to test a theory - do you get the same error if you connect to
> > https://meldrar.postgresql.org?
>
> Yes. Technical details are the same too:
>
> Technical Details
> meldrar.postgresql.org uses an invalid security certificate.
>
> The certificate is not trusted because no issuer chain was provided.
>
> (Error code: sec_error_unknown_issuer)

Here is someone having a similar error on Firefox 11:

http://support.mozilla.org/en-US/questions/923163

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +

On 04/18/2012 07:58 PM, Bruce Momjian wrote:
> On Wed, Apr 18, 2012 at 01:52:27PM -0400, Bruce Momjian wrote:
>>> Just to test a theory - do you get the same error if you connect to
>>> https://meldrar.postgresql.org?
>>
>> Yes. Technical details are the same too:
>>
>> Technical Details
>> meldrar.postgresql.org uses an invalid security certificate.
>>
>> The certificate is not trusted because no issuer chain was provided.
>>
>> (Error code: sec_error_unknown_issuer)
>
> Here is someone having a similar error on Firefox 11:
>
> http://support.mozilla.org/en-US/questions/923163

yeah if you are NOT getting the error on https://www.postgresql.org we
have identified the issue(it is affecting most of our ssl enabled sites
running lighttpd) as some sort of viral(...) copy&paste fail - will be
fixed soon...

Stefan

On Wed, Apr 18, 2012 at 08:18:04PM +0200, Stefan Kaltenbrunner wrote:
> On 04/18/2012 07:58 PM, Bruce Momjian wrote:
> > On Wed, Apr 18, 2012 at 01:52:27PM -0400, Bruce Momjian wrote:
> >>> Just to test a theory - do you get the same error if you connect to
> >>> https://meldrar.postgresql.org?
> >>
> >> Yes. Technical details are the same too:
> >>
> >> Technical Details
> >> meldrar.postgresql.org uses an invalid security certificate.
> >>
> >> The certificate is not trusted because no issuer chain was provided.
> >>
> >> (Error code: sec_error_unknown_issuer)
> >
> > Here is someone having a similar error on Firefox 11:
> >
> > http://support.mozilla.org/en-US/questions/923163
>
> yeah if you are NOT getting the error on https://www.postgresql.org we
> have identified the issue(it is affecting most of our ssl enabled sites

I get no error for https://www.postgresql.org.

> running lighttpd) as some sort of viral(...) copy&paste fail - will be
> fixed soon...

Thanks. You might be able to reproduce it by renaming ~/.mozilla to
another name, starting Firefox 11, and going to the problem URL.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +

On Wed, Apr 18, 2012 at 08:18:04PM +0200, Stefan Kaltenbrunner wrote:
> On 04/18/2012 07:58 PM, Bruce Momjian wrote:
> > On Wed, Apr 18, 2012 at 01:52:27PM -0400, Bruce Momjian wrote:
> >>> Just to test a theory - do you get the same error if you connect to
> >>> https://meldrar.postgresql.org?
> >>
> >> Yes. Technical details are the same too:
> >>
> >> Technical Details
> >> meldrar.postgresql.org uses an invalid security certificate.
> >>
> >> The certificate is not trusted because no issuer chain was provided.
> >>
> >> (Error code: sec_error_unknown_issuer)
> >
> > Here is someone having a similar error on Firefox 11:
> >
> > http://support.mozilla.org/en-US/questions/923163
>
> yeah if you are NOT getting the error on https://www.postgresql.org we
> have identified the issue(it is affecting most of our ssl enabled sites
> running lighttpd) as some sort of viral(...) copy&paste fail - will be
> fixed soon...

I can confirm that is now fixed! Thanks.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +

On 04/18/2012 08:54 PM, Bruce Momjian wrote:
> On Wed, Apr 18, 2012 at 08:18:04PM +0200, Stefan Kaltenbrunner wrote:
>> On 04/18/2012 07:58 PM, Bruce Momjian wrote:
>>> On Wed, Apr 18, 2012 at 01:52:27PM -0400, Bruce Momjian wrote:
>>>>> Just to test a theory - do you get the same error if you connect to
>>>>> https://meldrar.postgresql.org?
>>>>
>>>> Yes. Technical details are the same too:
>>>>
>>>> Technical Details
>>>> meldrar.postgresql.org uses an invalid security certificate.
>>>>
>>>> The certificate is not trusted because no issuer chain was provided.
>>>>
>>>> (Error code: sec_error_unknown_issuer)
>>>
>>> Here is someone having a similar error on Firefox 11:
>>>
>>> http://support.mozilla.org/en-US/questions/923163
>>
>> yeah if you are NOT getting the error on https://www.postgresql.org we
>> have identified the issue(it is affecting most of our ssl enabled sites
>> running lighttpd) as some sort of viral(...) copy&paste fail - will be
>> fixed soon...
>
> I can confirm that is now fixed! Thanks.

heh it was not actually fixed the moment you sent the mail, it "looked"
like it was fixed to you because your client probably cached the
intermediate certs the time you hit www.postgresql.org...

Stefan

On 04/18/2012 08:53 PM, Bruce Momjian wrote:
> On Wed, Apr 18, 2012 at 08:18:04PM +0200, Stefan Kaltenbrunner wrote:
>> On 04/18/2012 07:58 PM, Bruce Momjian wrote:
>>> On Wed, Apr 18, 2012 at 01:52:27PM -0400, Bruce Momjian wrote:
>>>>> Just to test a theory - do you get the same error if you connect to
>>>>> https://meldrar.postgresql.org?
>>>>
>>>> Yes. Technical details are the same too:
>>>>
>>>> Technical Details
>>>> meldrar.postgresql.org uses an invalid security certificate.
>>>>
>>>> The certificate is not trusted because no issuer chain was provided.
>>>>
>>>> (Error code: sec_error_unknown_issuer)
>>>
>>> Here is someone having a similar error on Firefox 11:
>>>
>>> http://support.mozilla.org/en-US/questions/923163
>>
>> yeah if you are NOT getting the error on https://www.postgresql.org we
>> have identified the issue(it is affecting most of our ssl enabled sites
>
> I get no error for https://www.postgresql.org.
>
>> running lighttpd) as some sort of viral(...) copy&paste fail - will be
>> fixed soon...
>
> Thanks. You might be able to reproduce it by renaming ~/.mozilla to
> another name, starting Firefox 11, and going to the problem URL.

much easier to test using something like:

openssl s_client -connect commitfest.postgresql.org:443

no need to cripple your FF install :)

Stefan

On Wed, Apr 18, 2012 at 09:16:21PM +0200, Stefan Kaltenbrunner wrote:
> On 04/18/2012 08:54 PM, Bruce Momjian wrote:
> > On Wed, Apr 18, 2012 at 08:18:04PM +0200, Stefan Kaltenbrunner wrote:
> >> On 04/18/2012 07:58 PM, Bruce Momjian wrote:
> >>> On Wed, Apr 18, 2012 at 01:52:27PM -0400, Bruce Momjian wrote:
> >>>>> Just to test a theory - do you get the same error if you connect to
> >>>>> https://meldrar.postgresql.org?
> >>>>
> >>>> Yes. Technical details are the same too:
> >>>>
> >>>> Technical Details
> >>>> meldrar.postgresql.org uses an invalid security certificate.
> >>>>
> >>>> The certificate is not trusted because no issuer chain was provided.
> >>>>
> >>>> (Error code: sec_error_unknown_issuer)
> >>>
> >>> Here is someone having a similar error on Firefox 11:
> >>>
> >>> http://support.mozilla.org/en-US/questions/923163
> >>
> >> yeah if you are NOT getting the error on https://www.postgresql.org we
> >> have identified the issue(it is affecting most of our ssl enabled sites
> >> running lighttpd) as some sort of viral(...) copy&paste fail - will be
> >> fixed soon...
> >
> > I can confirm that is now fixed! Thanks.
>
> heh it was not actually fixed the moment you sent the mail, it "looked"
> like it was fixed to you because your client probably cached the
> intermediate certs the time you hit www.postgresql.org...

Oh, good point.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
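
The failure mode this thread ends on (a server that sends only its own certificate, and a client that still validates it because it has cached the intermediate from another site) can be reproduced offline with the same openssl tool Stefan suggests. This is an added example, not part of the original thread; the CA names, file names and the make_lab / client_verdict helpers are constructed for illustration.

```shell
#!/bin/sh
# Constructed lab PKI: Lab Root -> Lab Intermediate -> leaf.example.test.
# All names and files are made up for this example; nothing is fetched from the network.

make_lab() {  # builds the three certificates and prints the lab directory
    d=$(mktemp -d) || return 1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/lab.cnf"
    # Root CA: the only certificate the client trusts from the start.
    openssl req -x509 -config "$d/lab.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Lab Root" -keyout "$d/root.key" -out "$d/root.pem" >/dev/null 2>&1 || return 1
    # Intermediate CA, signed by the root.
    openssl req -new -config "$d/lab.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Lab Intermediate" -keyout "$d/int.key" -out "$d/int.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -days 2 -extfile "$d/lab.cnf" -extensions ca -out "$d/int.pem" >/dev/null 2>&1 || return 1
    # Server certificate, signed by the intermediate (not by the root).
    openssl req -new -config "$d/lab.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=leaf.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
        -days 2 -out "$d/leaf.pem" >/dev/null 2>&1 || return 1
    echo "$d"
}

# client_verdict LAB SENT CACHE: validate the first certificate in SENT the way a
# client would, using the rest of SENT plus its own CACHE of intermediates as helpers.
client_verdict() {
    pool=$(mktemp) || return 1
    cat "$2" "$3" > "$pool"
    if out=$(openssl verify -CAfile "$1/root.pem" -untrusted "$pool" "$2" 2>&1); then
        echo trusted
    else
        case $out in
            *"unable to get local issuer certificate"*) echo unknown_issuer ;;
            *) echo other_failure ;;
        esac
    fi
    rm -f "$pool"
}

lab=$(make_lab) || exit 1
: > "$lab/cache.pem"                                   # fresh profile: nothing cached
cat "$lab/leaf.pem" "$lab/int.pem" > "$lab/full.pem"   # leaf plus intermediate
echo "fresh client, leaf only:  $(client_verdict "$lab" "$lab/leaf.pem" "$lab/cache.pem")"
echo "fresh client, full chain: $(client_verdict "$lab" "$lab/full.pem" "$lab/cache.pem")"
cat "$lab/int.pem" >> "$lab/cache.pem"                 # intermediate learned from another site
echo "warm client, leaf only:   $(client_verdict "$lab" "$lab/leaf.pem" "$lab/cache.pem")"
rm -rf "$lab"
```

Against a live server, adding -showcerts to the s_client command quoted above lists every certificate the server actually sends, which is the check that does not depend on any client-side cache.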