Scott Silva wrote: > on 4-9-2008 6:14 PM Tony Schreiner spake the following: >> Jay Leafey wrote: >>> Tony Schreiner wrote: >>>> Kai Schaetzl wrote: >>>>> Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400: >>>>> >>>>> However, you didn't provide any of the information I asked for. >>>>> You are not talking of www.bc.edu, do you? >>>>> >>>>> Kai >>>>> >>>>> >>>> ok, ok. >>>> >>>> https://bioinformatics.bc.edu >>>> >>>> Tony >>> >>> I could be full of cheese here, but did VeriSign send you an >>> "intermediate" certificate along with your "real" certificate? If >>> not, forget the >>> >>> When I went to the site and examined the cert I noticed that the >>> cert was not signed by one of the CAs in the ca-bundle.crt provided >>> by my copy of openSSL (openssl-0.9.8b-8.3.el5_0.2) on CentOS 5.1. >>> You can examine the "Issuer" field of the certificate to see who >>> signed it. >>> >>> I suspect that VeriSign sent you an "intermediate" certificate that >>> was actually used to sign your cert. Apache has to present the >>> intermediate cert at the same time it presents your "real" cert. >>> Basically, since the intermediate cert was signed by a recognized CA >>> cert and your cert was signed by the intermediate cert, then your >>> cert is "trustworthy". >>> >>> The easiest way to fix this is to append the intermediate >>> certificate to your "real" certificate file. I've had a few of >>> these in the past, particularly from smaller CAs that resell other >>> folks's service. >>> >>> Just a thought! >> >> I'm away from the office now, but I only got one certificate. I >> didn't deal directly with Verisign, but rather went through someone >> in my IT department. I will check on that. Thanks. >> >> >> Kai, in response to your last message, you say it's fine. Does that >> mean you don't get a dialog saying the site is not verifiable? >> Because I sure do, with several browsers on different platforms. >> Tony > It went OK at work for me, but at home on my laptop it is untrusted. > So maybe verisign needs to verify it for you. here is a possibly related thread: http://groups.google.com/group/mozilla.support.firefox/browse_thread/thread/48541520b5772216