Scott Silva wrote:
on 4-9-2008 6:14 PM Tony Schreiner spake the following:
Jay Leafey wrote:
Tony Schreiner wrote:
Kai Schaetzl wrote:
Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400:
However, you didn't provide any of the information I asked for.
You are not talking of www.bc.edu, do you?
Kai
ok, ok.
https://bioinformatics.bc.edu
Tony
I could be full of cheese here, but did VeriSign send you an
"intermediate" certificate along with your "real" certificate? If
not, forget the
When I went to the site and examined the cert I noticed that the
cert was not signed by one of the CAs in the ca-bundle.crt provided
by my copy of openSSL (openssl-0.9.8b-8.3.el5_0.2) on CentOS 5.1.
You can examine the "Issuer" field of the certificate to see who
signed it.
I suspect that VeriSign sent you an "intermediate" certificate that
was actually used to sign your cert. Apache has to present the
intermediate cert at the same time it presents your "real" cert.
Basically, since the intermediate cert was signed by a recognized CA
cert and your cert was signed by the intermediate cert, then your
cert is "trustworthy".
The easiest way to fix this is to append the intermediate
certificate to your "real" certificate file. I've had a few of
these in the past, particularly from smaller CAs that resell other
folks's service.
Just a thought!
I'm away from the office now, but I only got one certificate. I
didn't deal directly with Verisign, but rather went through someone
in my IT department. I will check on that. Thanks.
Kai, in response to your last message, you say it's fine. Does that
mean you don't get a dialog saying the site is not verifiable?
Because I sure do, with several browsers on different platforms.
Tony
It went OK at work for me, but at home on my laptop it is untrusted.
So maybe verisign needs to verify it for you.
here is a possibly related thread:
http://groups.google.com/group/mozilla.support.firefox/browse_thread/thread/48541520b5772216
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos