Make WordPress Core

Opened 10 years ago

Closed 9 years ago

#26955 closed defect (bug) (duplicate)

AddTrust External CA Root Certificate not recognized

Reported by: dannydehaan's profile dannydehaan Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.8
Component: HTTP API Keywords: has-patch needs-refresh dev-feedback
Focuses: Cc:


Hi all,

At our server, we are using the PositiveSSL CA 2 certificate by Comodo. When a wp_remote_get request is made, the server tries to verify the SSL certificate by wp-includes/certificates/ca-bundle.crt. AddTrust doesn't exist in this file so the verifyssl is false. We've discovered this in the W3 Total Cache plugin when we tried to activate minify and page cache.


Attachments (2)

26955.diff (2.3 KB) - added by dannydehaan 10 years ago.
26955 Added Certificate
certificate-data.txt (3.6 KB) - added by dd32 10 years ago.

Download all attachments as: .zip

Change History (6)

10 years ago

26955 Added Certificate

#1 @dd32
10 years ago

Can you please provide a URL which uses a certificate signed by this AddTrust certificate, and the source of the attached certificate?

We use the Mozilla NSS trusted certificates, and although I see the following certificates in there, I don't see the one you're requesting:

AddTrust Low-Value Services Root TRUSTED
AddTrust External Root TRUSTED
AddTrust Public Services Root TRUSTED
AddTrust Qualified Certificates Root TRUSTED

It looks like the "External Root" one is issued by "AddTrust External CA Root" though.

See Also: #27017 which doesn't include this certificate.

#2 @dannydehaan
10 years ago

Hi dd32,

Thanks for your reply!

Please see for the certificate being used. It's a wildcard (sub)domain certficate.

I've downloaded the certificate from here: It's the 2nd download.

#3 @chriscct7
9 years ago

  • Keywords has-patch needs-refresh dev-feedback added

#4 @dd32
9 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Marking as a duplicate of #30434 - If that doesn't fix it, I'm not sure what's going on.

The referenced site here has had it's cert expire, so I can't verify if that ticket fixed it.

Note: See TracTickets for help on using tickets.