Which CA currently issues certificates for Wikipedia sites? Are there two or more different CAs issuing certificates for *.wikipedia.org
?
In a short period (less than half a hour), I noticed certificates for Wikipedia issued by two different CAs (GlobalSign and DigiCert). I do not know much about certificates, so I'm asking here.
I can remember that for some time certificate(s) for Wikipedia sites was/were issued by GlobalSign. I'm using Firefox, and last year or two, when I clicked the green lock in the address bar, it always displayed Verified by: GlobalSign nv-sa
. A few hours ago, while browsing Wikipedia from home, I opened another page in a new tab. It seemed to me that the page loaded incompletely and then stopped loading and reloaded again. I clicked the green lock and this time it displayed Verified by: DigiCert Inc
. I am not sure whether I saw Verified by: GlobalSign
earlier in the same session, though.
I closed all tabs, cleared history and cache and restarted the browser. When I entered https://en.wikipedia.org in the address bar, the browser refused to open it and displayed error page with message that something is wrong with certificate (I do not remember what was the exact error message). I visited a few other sites and did not notice any problems, then restarted Firefox again and this time was able to open https://en.wikipedia.org. The certificate was issued by DigiCert. I thought that if Wikipedia's CA changed then there must be something about this on the web and googled a bit but did not find anything relevant.
I opened TBB and browsed Wikipedia in it for few minutes and the issuer was DigiCert. At some point I opened another tab and noticed the issuer was GlobalSign nv-ca again. Now I have TBB open with two tabs; clicking green lock sign in one tab shows Verified by: DigiCert Inc
, and in another tab Verified by: GlobalSign nv-sa
(see below for more differing details from these two tabs). I guess this might be due to changed exit relay.
I found this question which seems to be related somehow.
Can someone explain what might be going on? Did Wikipedia's CA change recently or is it changing currently? Is there something to worry about?
Details from the two tabs in TBB:
Tab 1:
Issued To
Serial Number: 05:A9:5C:0D:34:A8:31:F3:7F:8A:5F:72:9C:C2:3C:74
Issued By
CN: DigiCert SHA2 High Assurance Server CA
O: DigiCert Inc
OU: www.digicert.com
Period of Validity
Begins On 19 Dec 2016
Expires On 3 Jan 2018
Fingerprints
SHA-256: E8:04:B7:5C:F2:B5:0B:1F:41:EE:B1:BB:90:81:17:8D:86:86:3F:93:25:3D:10:0D:85:8D:FB:3D:51:20:B8:6B
SHA1: 1B:27:6F:BE:CD:10:49:C8:F2:F1:72:C8:40:99:D2:19:25:78:B9:9C
Certificate Hierarchy:
DigiCert High Assurance EV Root CA
DigiCert SHA2 High Assurance Server CA
*.wikipedia.org
Tab 2:
Issued To
Serial Number: 10:E6:FC:62:B7:41:8A:D5:00:5E:45:B6
Issued By
CN: GlobalSign Organization Validation CA - SHA256 - G2
O: GlobalSign nv-sa
OU: <Not Part Of Certificate>
Period of Validity
Begins On: 21 Nov 2016
Expires On: 22 Nov 2017
Fingerprints:
SHA-256: 05:7A:A6:B4:58:FD:66:B7:F1:A0:72:2B:2E:0C:9E:08:BE:A1:76:6C:77:85:43:C0:99:01:7F:61:FF:65:7F:7E
SHA1: 58:66:84:EF:77:3E:A0:B8:5F:23:38:73:CB:46:10:E8:D0:E0:8C:B3
Certificate Hierarchy:
GlobalSign
GlobalSign Organization Validation CA - SHA256 - G2
*.wikipedia.org