[Mono-list] TlsTest.exe throws CERT_E_CHAINING even with certificates imported via certmgr

El Rico rico at elrico.net
Thu Apr 20 19:33:53 UTC 2017


Hello,

On Linux, I'm running into SSL certificate validation issues attempting to
connect to https://google.com. I've run mozroots --import --sync, used
cert-sync on a Mozilla derived CA bundle and imported the certificates via
certmgr -ssl https://google.com. For good measure, I've run the same
commands for the machine stores. However the issue still persists. Does
anybody have any pointers on how to fix this?

I'm using Mono JIT compiler version 4.6.2 (Stable 4.6.2.7/08fd525 Wed Nov
23 12:56:10 EST 2016)

The output from certmgr -ssl https://google.com is

Mono Certificate Manager - version 4.6.2.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD
licensed.


X.509 Certificate v3
   Issued from: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
   Issued to:   C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
   Valid from:  5/21/2002 4:00:00 AM
   Valid until: 8/21/2018 4:00:00 AM
   *** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.

X.509 Certificate v3
   Issued from: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
   Issued to:   C=US, O=Google Inc, CN=Google Internet Authority G2
   Valid from:  4/1/2015 12:00:00 AM
   Valid until: 12/31/2017 11:59:59 PM
   *** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.

X.509 Certificate v3
   Issued from: C=US, O=Google Inc, CN=Google Internet Authority G2
   Issued to:   C=US, S=California, L=Mountain View, O=Google Inc, CN=*.
google.com
   Valid from:  4/12/2017 2:19:56 PM
   Valid until: 7/5/2017 1:29:00 PM
This certificate is already in the AddressBook store.

No certificate were added to the stores.

The output from mono TlsTest.exe https://google.com is

https://google.com
[Subject]
  CN=*.google.com, O=Google Inc, L=Mountain View, S=California, C=US

[Issuer]
  CN=Google Internet Authority G2, O=Google Inc, C=US

[Not Before]
  4/12/2017 4:19:56 PM

[Not After]
  7/5/2017 3:29:00 PM

[Thumbprint]
  659785A076AA7B417C4282F121B0E99BCD34B183


        Valid From:  4/12/2017 4:19:56 PM
        Valid Until: 7/5/2017 3:29:00 PM

Error #-2146762486: CERT_E_CHAINING 0x800B010A

The signature warnings in the certmgr output concern me, but I couldn't
find anything definitive regarding them.

Best regards,

Rico
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dot.net/pipermail/mono-list/attachments/20170420/53c3b84f/attachment.html>


More information about the Mono-list mailing list