jabber.org cert signed by "unknown authority"
joe.hildebrand at webex.com
Wed Nov 11 00:08:18 UTC 2009
Luckily, you caught me just as I was about to apply the patch.
With 10.6.1, I have a cert with that name/date with a SHA1 fingerprint of:
95 E6 AD F8 D7 71 46 02 4D D5 6A 21 B2 E7 3F CD F2 3B 35 FF
After the upgrade, that cert doesn't exist. I've got one called "StartCom
Class 3 Primary Email Free CA" with expiration of 4/4/10, and a fingerprint
CF 01 DC 25 90 C9 55 C1 8D 76 5A 34 38 F7 37 F1 EB 3B BB 71
However, that cert is marked as "This certificate was signed by an unknown
On 11/11/09 7:17 AM, "Peter Saint-Andre" <stpeter at stpeter.im> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 11/11/09 5:27 AM, Peter Saint-Andre wrote:
>> On 11/10/09 10:55 PM, Zachary West wrote:
>>> Is the certificate chain missing a link to the root, or is its root CA
>>> suddenly untrusted on Snow Leopard?
>> I'm looking into this with folks from StartCom. There have, over time,
>> been two StartCom roots. Certificates issued by the XMPP ICA (which is
>> no longer issuing certificates, because now they are being issued
>> directly by StartCom) were issued under the old root. So it seems to me
>> that perhaps Apple removed the old root from their cert store before all
>> the certificates issued under that root had expired. I'll follow up with
>> StartCom about this and report back.
> Further research indicates that this is a problem only on Snow Leopard
> (I just installed the latest security update on Leopard and the old root
> is still in the keychain).
> Could someone do me a favor and look in their keychain on Snow Leopard
> to verify that a root for "Free SSL Certification Authority" is or is
> not in the system roots? (Click to inspect the cert and it will mention
> StartCom -- the old root expires on March 11, 2035.)
> - --
> Peter Saint-Andre
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> -----END PGP SIGNATURE-----
More information about the devel