On 09/10/2014 3:46 AM, "dE" <de.techno@xxxxxxxxx> wrote:
>
> On 10/08/14 21:36, Eric Covener wrote:
>>
>>
>> On Wed, Oct 8, 2014 at 12:00 PM, dE <de.techno@xxxxxxxxx> wrote:
>>>
>>> intermediate.pem must get installed automatically in the browsers (at least in FF), but instead these browsers don't see the certificate.
>>
>>
>> No, servers are expected to transmit the intermediate certificates.
>>
>
> Yes, they get installed automatically after it's transmitted by the server.
>
> Try a fresh FF profile. It'll not have any Microsoft (or MSIT) certificates. Open Microsoft.com and you'll get a bunch of Microsoft certificates installed in your certificate manager.
>
> Actually the problem is with intermediate.pem. I can't install it in any of the web browser under the issuer.pem certificate. But openSSL says it's 'verified'.
>
> This problem is out of scope of Apache.
Weird. And this happens both in ff and chrome? Would be interesting if you can test with different (older) versions of ff and chrome might be the newer ones have some restrictions in terms of signatures or something. May I ask how did you generate the certificates? From what you sent I couldn't see anything wrong with them though but will have another look.
That said the browsers behave as expected with all ca authority signed certificates I've been using.
|