Quantcast

TlsTest.exe throws CERT_E_CHAINING even with certificates imported via certmgr

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

TlsTest.exe throws CERT_E_CHAINING even with certificates imported via certmgr

Alexander Köplinger via Mono-list
Hello,

On Linux, I'm running into SSL certificate validation issues attempting to connect to https://google.com. I've run mozroots --import --sync, used cert-sync on a Mozilla derived CA bundle and imported the certificates via certmgr -ssl https://google.com. For good measure, I've run the same commands for the machine stores. However the issue still persists. Does anybody have any pointers on how to fix this?

I'm using Mono JIT compiler version 4.6.2 (Stable 4.6.2.7/08fd525 Wed Nov 23 12:56:10 EST 2016)

The output from certmgr -ssl https://google.com is

Mono Certificate Manager - version 4.6.2.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.


X.509 Certificate v3
   Issued from: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
   Issued to:   C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
   Valid from:  5/21/2002 4:00:00 AM
   Valid until: 8/21/2018 4:00:00 AM
   *** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.

X.509 Certificate v3
   Issued from: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
   Issued to:   C=US, O=Google Inc, CN=Google Internet Authority G2
   Valid from:  4/1/2015 12:00:00 AM
   Valid until: 12/31/2017 11:59:59 PM
   *** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.

X.509 Certificate v3
   Issued from: C=US, O=Google Inc, CN=Google Internet Authority G2
   Issued to:   C=US, S=California, L=Mountain View, O=Google Inc, CN=*.google.com
   Valid from:  4/12/2017 2:19:56 PM
   Valid until: 7/5/2017 1:29:00 PM
This certificate is already in the AddressBook store.

No certificate were added to the stores.

The output from mono TlsTest.exe https://google.com is

https://google.com
[Subject]
  CN=*.google.com, O=Google Inc, L=Mountain View, S=California, C=US

[Issuer]
  CN=Google Internet Authority G2, O=Google Inc, C=US

[Not Before]
  4/12/2017 4:19:56 PM

[Not After]
  7/5/2017 3:29:00 PM

[Thumbprint]
  659785A076AA7B417C4282F121B0E99BCD34B183


        Valid From:  4/12/2017 4:19:56 PM
        Valid Until: 7/5/2017 3:29:00 PM

Error #-2146762486: CERT_E_CHAINING 0x800B010A

The signature warnings in the certmgr output concern me, but I couldn't find anything definitive regarding them.

Best regards,

Rico

_______________________________________________
Mono-list maillist  -  [hidden email]
http://lists.dot.net/mailman/listinfo/mono-list
Loading...