Jay Leafey wrote: > Tony Schreiner wrote: >> Kai Schaetzl wrote: >>> Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400: >>> >>> However, you didn't provide any of the information I asked for. You >>> are not talking of www.bc.edu, do you? >>> >>> Kai >>> >>> >> ok, ok. >> >> https://bioinformatics.bc.edu >> >> Tony > > I could be full of cheese here, but did VeriSign send you an > "intermediate" certificate along with your "real" certificate? If > not, forget the > > When I went to the site and examined the cert I noticed that the cert > was not signed by one of the CAs in the ca-bundle.crt provided by my > copy of openSSL (openssl-0.9.8b-8.3.el5_0.2) on CentOS 5.1. You can > examine the "Issuer" field of the certificate to see who signed it. > > I suspect that VeriSign sent you an "intermediate" certificate that > was actually used to sign your cert. Apache has to present the > intermediate cert at the same time it presents your "real" cert. > Basically, since the intermediate cert was signed by a recognized CA > cert and your cert was signed by the intermediate cert, then your cert > is "trustworthy". > > The easiest way to fix this is to append the intermediate certificate > to your "real" certificate file. I've had a few of these in the past, > particularly from smaller CAs that resell other folks's service. > > Just a thought! I'm away from the office now, but I only got one certificate. I didn't deal directly with Verisign, but rather went through someone in my IT department. I will check on that. Thanks. Kai, in response to your last message, you say it's fine. Does that mean you don't get a dialog saying the site is not verifiable? Because I sure do, with several browsers on different platforms. Tony