jabber.org cert signed by "unknown authority"
stpeter at stpeter.im
Tue Nov 10 22:17:16 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
On 11/11/09 5:27 AM, Peter Saint-Andre wrote:
> On 11/10/09 10:55 PM, Zachary West wrote:
>> Is the certificate chain missing a link to the root, or is its root CA
>> suddenly untrusted on Snow Leopard?
> I'm looking into this with folks from StartCom. There have, over time,
> been two StartCom roots. Certificates issued by the XMPP ICA (which is
> no longer issuing certificates, because now they are being issued
> directly by StartCom) were issued under the old root. So it seems to me
> that perhaps Apple removed the old root from their cert store before all
> the certificates issued under that root had expired. I'll follow up with
> StartCom about this and report back.
Further research indicates that this is a problem only on Snow Leopard
(I just installed the latest security update on Leopard and the old root
is still in the keychain).
Could someone do me a favor and look in their keychain on Snow Leopard
to verify that a root for "Free SSL Certification Authority" is or is
not in the system roots? (Click to inspect the cert and it will mention
StartCom -- the old root expires on March 11, 2035.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the devel