View Issue Details

IDProjectCategoryView StatusLast Update
0001348Main CAcert Websitemiscpublic2015-01-25 17:13
ReporterMathias Assigned Tojandd  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2014 Q4 
Target Version2014 Q4 
Summary0001348: SSL/TLS configuration rated grade B on SSL Labs

There is an SSL/TLS configuration issue on

The server certificate is issued by CAcert Class 3 Root which is also delivered while establishing a connection. But the CAcert Class 3 Root does not have the CA extension enabled:

  X509v3 extensions:
    X509v3 Basic Constraints: critical

Therefore a *complete* chain of trust can neither be created nor verified.

Finally this leads to a grade B rating on the SSL Labs test. (This is independent of the fact that the SSL Labs test is based on the Mozilla certificate store, which the CAcert root certificate is not part of. A well known problem, which does, however, cause no harm here.)

A solution is to also deliver the CAcert root certificate.

Thanks for looking into this issue.

TagsNo tags attached.
Reviewed by
Test Instructions


child of 0001241 solved?jandd SSL/TLS configuration is bad on many levels 



2014-12-14 12:13



2014-12-27 12:06

administrator   ~0005210

fixed, getting a grade A on ssllabs now


2015-01-25 17:13

reporter   ~0005265

Closed, thanks.

Issue History

Date Modified Username Field Change
2014-12-14 12:13 Mathias New Issue
2014-12-14 12:13 Mathias File Added:
2014-12-14 12:13 Mathias Relationship added child of 0001241
2014-12-23 20:21 BenBE Assigned To => jandd
2014-12-23 20:21 BenBE Status new => needs work
2014-12-23 20:21 BenBE Product Version => 2014 Q4
2014-12-23 20:21 BenBE Target Version => 2014 Q4
2014-12-27 12:06 jandd Note Added: 0005210
2014-12-27 12:06 jandd Status needs work => solved?
2014-12-27 12:06 jandd Resolution open => fixed
2015-01-25 17:13 Mathias Note Added: 0005265
2015-01-25 17:13 Mathias Status solved? => closed