Maintained by: NLnet Labs

[Unbound-users] SSL certificate warning

Robert Edmonds
Wed Mar 19 21:16:40 CET 2014


Hi,

Updating from the SVN repository results in this prompt on Debian
testing/unstable:

    Error validating server certificate for 'https://unbound.nlnetlabs.nl:443':
     - The certificate is not issued by a trusted authority. Use the
       fingerprint to validate the certificate manually!
    Certificate information:
     - Hostname: *.nlnetlabs.nl
     - Valid: from May 21 08:07:03 2013 GMT until May 21 08:07:03 2015 GMT
     - Issuer: http://www.CAcert.org, CAcert Inc.
     - Fingerprint: DA:7B:71:F4:FB:A1:D8:BA:9C:DB:F4:0F:2D:76:69:27:0D:79:F4:DE
    Certificate problem.
    (R)eject, accept (t)emporarily or accept (p)ermanently?

The cause is the CAcert.org root certificate being removed from the
default CA certificate bundle in Debian:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434

(There is an LWN article about this -- http://lwn.net/Articles/590879/
-- but it is subscriber-only.)

Apparently Ubuntu and FreeBSD have also removed the CAcert.org
certificate from their default certificate bundles, too.

-- 
Robert Edmonds
edmonds at debian.org