[CentOS] Re: ssl and NameVirtualHost
mouss
mouss at netoyen.net
Thu Apr 10 08:59:09 UTC 2008
Scott Silva wrote:
> on 4-9-2008 6:14 PM Tony Schreiner spake the following:
>> Jay Leafey wrote:
>>> Tony Schreiner wrote:
>>>> Kai Schaetzl wrote:
>>>>> Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400:
>>>>>
>>>>> However, you didn't provide any of the information I asked for.
>>>>> You are not talking of www.bc.edu, do you?
>>>>>
>>>>> Kai
>>>>>
>>>>>
>>>> ok, ok.
>>>>
>>>> https://bioinformatics.bc.edu
>>>>
>>>> Tony
>>>
>>> I could be full of cheese here, but did VeriSign send you an
>>> "intermediate" certificate along with your "real" certificate? If
>>> not, forget the
>>>
>>> When I went to the site and examined the cert I noticed that the
>>> cert was not signed by one of the CAs in the ca-bundle.crt provided
>>> by my copy of openSSL (openssl-0.9.8b-8.3.el5_0.2) on CentOS 5.1.
>>> You can examine the "Issuer" field of the certificate to see who
>>> signed it.
>>>
>>> I suspect that VeriSign sent you an "intermediate" certificate that
>>> was actually used to sign your cert. Apache has to present the
>>> intermediate cert at the same time it presents your "real" cert.
>>> Basically, since the intermediate cert was signed by a recognized CA
>>> cert and your cert was signed by the intermediate cert, then your
>>> cert is "trustworthy".
>>>
>>> The easiest way to fix this is to append the intermediate
>>> certificate to your "real" certificate file. I've had a few of
>>> these in the past, particularly from smaller CAs that resell other
>>> folks's service.
>>>
>>> Just a thought!
>>
>> I'm away from the office now, but I only got one certificate. I
>> didn't deal directly with Verisign, but rather went through someone
>> in my IT department. I will check on that. Thanks.
>>
>>
>> Kai, in response to your last message, you say it's fine. Does that
>> mean you don't get a dialog saying the site is not verifiable?
>> Because I sure do, with several browsers on different platforms.
>> Tony
> It went OK at work for me, but at home on my laptop it is untrusted.
> So maybe verisign needs to verify it for you.
here is a possibly related thread:
http://groups.google.com/group/mozilla.support.firefox/browse_thread/thread/48541520b5772216
More information about the CentOS
mailing list