Re: Re: ssl and NameVirtualHost

[mouss <mouss@xxxxxxxxxxx>]

Scott Silva wrote:
> on 4-9-2008 6:14 PM Tony Schreiner spake the following:
> > Jay Leafey wrote:
> > > Tony Schreiner wrote:
> > > > Kai Schaetzl wrote:
> > > > > Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400:
> > > > >
> > > > > However, you didn't provide any of the information I asked for. 
> > > > > You are not talking of www.bc.edu, do you?
> > > > >
> > > > > Kai
> > > > >
> > > > >   
> > > > ok, ok.
> > > >
> > > > https://bioinformatics.bc.edu
> > > >
> > > > Tony
> > >
> > > I could be full of cheese here, but did VeriSign send you an 
> > > "intermediate" certificate along with your "real" certificate?  If 
> > > not, forget the
> > >
> > > When I went to the site and examined the cert I noticed that the 
> > > cert was not signed by one of the CAs in the ca-bundle.crt provided 
> > > by my copy of openSSL (openssl-0.9.8b-8.3.el5_0.2) on CentOS 5.1.  
> > > You can examine the "Issuer" field of the certificate to see who 
> > > signed it.
> > >
> > > I suspect that VeriSign sent you an "intermediate" certificate that 
> > > was actually used to sign your cert.  Apache has to present the 
> > > intermediate cert at the same time it presents your "real" cert.  
> > > Basically, since the intermediate cert was signed by a recognized CA 
> > > cert and your cert was signed by the intermediate cert, then your 
> > > cert is "trustworthy".
> > >
> > > The easiest way to fix this is to append the intermediate 
> > > certificate to your "real" certificate file.  I've had a few of 
> > > these in the past, particularly from smaller CAs that resell other 
> > > folks's service.
> > >
> > > Just a thought!
> >
> > I'm away from the office now, but I only got one certificate. I 
> > didn't deal directly with Verisign, but rather went through someone 
> > in my IT department. I will check on that. Thanks.
> >
> >
> > Kai, in response to your last message, you say it's fine. Does that 
> > mean you don't get a dialog saying the site is not verifiable? 
> > Because I sure do, with several browsers on different platforms.
> > Tony
> It went OK at work for me, but at home on my laptop it is untrusted.
> So maybe verisign needs to verify it for you.

here is a possibly related thread:

http://groups.google.com/group/mozilla.support.firefox/browse_thread/thread/48541520b5772216

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos