Du lieferst übrigens ein falsches intermediate certificate mit:
Code
$ gnutls-cli --print-cert yourd****4.de
Processed 7 CA certificate(s).
Resolving 'yourd****4.de'...
Connecting to '203.0.113.21:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `OU=GT****85,OU=See www.rapidssl.com/resources/cps (c)15,OU=Domain Control Validated - RapidSSL(R),CN=yourd****4.de', issuer `C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3', RSA key 2048 bits, signed using RSA-SHA256, activated `2015-07-07 01:35:27 UTC', expires `2016-07-08 23:13:34 UTC', SHA-1 fingerprint `e608****41a8'
Public Key ID:
d4403****7f3c
Public key's random art:
+--[ RSA 2048]----+
| . ..oo*.. |
|*****************|
| .... . |
+-----------------+
-----BEGIN CERTIFICATE-----
MIIEnzCCA4egAwIBAgIDBZFXMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
****************************************************************
nRotIXH+6hb9wTyiBHfaU0SkPFSd8bVOCSVvlb2Kox3bQLE=
-----END CERTIFICATE-----
- Certificate[1] info:
- subject `C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G4', issuer `C=US,O=GeoTrust Inc.,OU=(c) 2008 GeoTrust Inc. - For authorized use only,CN=GeoTrust Primary Certification Authority - G3', RSA key 2048 bits, signed using RSA-SHA256, activated `2015-06-30 00:00:00 UTC', expires `2025-06-29 23:59:59 UTC', SHA-1 fingerprint `dc077c4ab3422f608cee83d9098bfc3a7226d6a7'
-----BEGIN CERTIFICATE-----
MIIEpjCCA46gAwIBAgIQKByJKWYUQ4BCY1U6MkCuszANBgkqhkiG9w0BAQsFADCB
mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT
MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eSAtIEczMB4XDTE1MDYzMDAwMDAwMFoXDTI1MDYyOTIzNTk1OVowRzELMAkG
A1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xIDAeBgNVBAMTF1JhcGlk
U1NMIFNIQTI1NiBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwJ46D5qyutPS3BXs0DBUWTBNQFGuQnFx0o1Tc4H+uODElsWOfsLxt2NKz6ce
P6jnzlOg+i331ubOcBGm7uEDUtJo3j0IDYf9HNcLl2JtgjB2G0c6xPfO7R18jLcX
jlOAHh0PXYz5kOQEHgJ+y7BJ79pSJfv7Z+3dhHRZhA7z3nBmjeRSOPdTWjcTZws+
u6hYty7t/7deEXO5d0VSZ0auxNwkgYl2CsqhbGZzBIKq9XBsXxuaAHlG1n96Jhcw
zzlLLHTZiUR2ENDt94u7iQV1TQsNs9rpv/FqfSoR2x6fjOPEBmnhHYhFOdFuVdiq
t5tv6vTerBcRkl1Am4N7muL3qQIDAQABo4IBOjCCATYwLgYIKwYBBQUHAQEEIjAg
MB4GCCsGAQUFBzABhhJodHRwOi8vZy5zeW1jZC5jb20wEgYDVR0TAQH/BAgwBgEB
/wIBADBJBgNVHSAEQjBAMD4GBmeBDAECATA0MDIGCCsGAQUFBwIBFiZodHRwczov
L3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczA2BgNVHR8ELzAtMCugKaAn
hiVodHRwOi8vZy5zeW1jYi5jb20vR2VvVHJ1c3RQQ0EtRzMuY3JsMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
FPO1VgzECbC0zx+q+d0jVvB36KH5MB8GA1UdIwQYMBaAFMR5yo6hTgMdHNxr2zFb
lD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQDDftiDSwRMVSkqTxSdmm7ekHDBpCZM
iI54SO+9nLCg9fBm/P5ZJuF578i3YGSoi0fqL+CDmdpBGdfFvgX68pAR8Ar/bNwF
tNgGb6Rvjb4gK1Tb+aJFg5oepSGJNR18IFwX/QQuRdiyxvhCmfxUCE5LgF85N7qV
TqY3Cp6TXodb6ZDWqLZlCI1hSeuDIKldGxZgYmsvVPtaAg16J+JL4QUUwuTp+XDA
2fc0ZQ6ikUusKPK3CA+Yytc+cLbIC/GLnFH4xhBs0lNPYowRAD6I37/m0sxwve0l
nPvdJAq9WZFKQgM4EnEyiHagjny7Mu+IKhvUam9QuVJni6sw+h/94ySa
-----END CERTIFICATE-----
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.
Alles anzeigen
Dein Zertifikat wurde von `C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3' ausgegeben. Du lieferst aber `C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G4' mit.