Posts

Showing posts from December, 2007

Firefox does not trust some sites

Just to summarize why Firefox does not trust the https://www.clevery.co.jp/ online shop. Apparently the server at https://www.clevery.co.jp/ only sends its own certificate when I open their page. What most sites usually do is that they send not only their own certificate, but also the certificate of their issuer, and the certificate of that issuer and so on up to the root certificate (excluding the last one). What is happening with the clevery server is that its certificate contains an extension that points to the location of the parent certificate. As given by OpenSSL Authority Information Access: OCSP - URI:http://ocsp.verisign.com CA Issuers - URI:http://SVR1024Secure-aia.verisign.com/SVR1024Secure2007-aia.cer So, apparently Firefox doesn't follow that path and that seems to be a recognized standard. A quick Google found this article by someone who ran into the same problem and who has already checked the status of that extension. I'll have to look more into it myself, but ...

OpenVPN connectivity issues

Logwatch was good enough to show me that I had my logs filled with messages like these... repeating themselves over and over ad infinitum: