Comment 9 for bug 1031333

Marc Deslauriers (mdeslaur) wrote :

Mozilla and Chromium still have the MD2 cert, because VeriSign had issued intermediates with AKIs that point to the MD2 versions. I'm not sure there are any left though.

If you remove the MD2 cert from Firefox and restart it, it will still validate the site correctly.

You need to tell openssl where the CA cert bundle is:

openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect secure-test.streamline-esolutions.com:443

Doing that results in a successful verification, even though the MD2 cert isn't in the system CA bundle:
Verify return code: 0 (ok)