Shaun Crampton wrote:
Sorry, the client will only trust a server cert that is signed by the manufacturers root cert. The server's cert must be issued by the manufacturer's CA.
so they actually issue you your server certificate, but they generate this with a private RootCA thats not generally installed in browsers? yuck.
sounds like you'll need to offer your regular browsing clients this manufacturer's public rootca.crt and suggest they need to accept it and add it to their key stores, before browsing this site, then. painful.
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
