[CentOS] ssl and NameVirtualHost
Jay Leafey
jay.leafey at mindless.com
Thu Apr 10 00:56:02 UTC 2008
Tony Schreiner wrote:
> Kai Schaetzl wrote:
>> Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400:
>>
>> However, you didn't provide any of the information I asked for. You
>> are not talking of www.bc.edu, do you?
>>
>> Kai
>>
>>
> ok, ok.
>
> https://bioinformatics.bc.edu
>
> Tony
I could be full of cheese here, but did VeriSign send you an
"intermediate" certificate along with your "real" certificate? If not,
forget the
When I went to the site and examined the cert I noticed that the cert
was not signed by one of the CAs in the ca-bundle.crt provided by my
copy of openSSL (openssl-0.9.8b-8.3.el5_0.2) on CentOS 5.1. You can
examine the "Issuer" field of the certificate to see who signed it.
I suspect that VeriSign sent you an "intermediate" certificate that was
actually used to sign your cert. Apache has to present the intermediate
cert at the same time it presents your "real" cert. Basically, since
the intermediate cert was signed by a recognized CA cert and your cert
was signed by the intermediate cert, then your cert is "trustworthy".
The easiest way to fix this is to append the intermediate certificate to
your "real" certificate file. I've had a few of these in the past,
particularly from smaller CAs that resell other folks's service.
Just a thought!
--
Jay Leafey - Memphis, TN
jay.leafey at mindless.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5177 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080409/273a3377/attachment.bin>
More information about the CentOS
mailing list