Thank you for your input, it is working now. I forgot that I had also recieved the BundledRootCA.crt file.
The following did the job: cat yourcert.crt > combinedcert.crt cat BundledRootCA.crt >> combinedcert.crt mv combinedcert.crt /etc/ssl/xxx.xxx.xxx.xxx.crt regards, Claus On Thu, Feb 12, 2009 at 3:39 PM, Johan Strvm <jo...@stromnet.se> wrote: > On Feb 12, 2009, at 15:29 , Claus Larsen wrote: > > I am having some problems with a SSL proxy like the one described on >> https://calomel.org/relayd.html >> >> No problems getting it up and running, but the browser cannot verify the >> signed certificates. >> >> Internet Explorer says: >> The security certificate presented by this website was not issued by a >> trusted certificate authority. >> >> Safari says: >> www.xxxxx.com >> Issued by: Comodo Class 3 Security Services CA >> Expires: ..... >> This certificate was signed by an unknown authority >> >> My certificates works fine when running on apache. >> >> Research tells me that I need a chain/intermediate certificate to get >> things >> working. >> >> But I have not been able to find any info about this with relayd. >> >> I have recieved the following files with my certifcate: >> AddTrustExternalCARoot.crt >> UTNAddTrustServerCA.crt >> > > cat yourcert.crt > combinedcert.crt > cat UTNAddTrustServerCA.crt >> combinedcert.crt > cat AddTrustExternalCARoot.crt >> combinedcert.crt > > not sure about the order though.. But I'm quite sure your own cert goes > first, and then the others should go with the "master" last. I think. :) > > Make sure there are a newline at the end of each file first, or at least > that the resulting file have a newline between each cert (not a blank line, > but just so they dont get mixed up on the same lines) > > When all are added, use combinedcert.crt in /etc/ssl for your IP. > > Good luck :)
