Re: Intermediate root CA's -- lost and confused :(

2010-09-15 Thread Paul B. Henson
On Mon, 13 Sep 2010, Mounir IDRASSI wrote:
> Your problem could come from the fact that your Apache SSLCertificateChainFile configuration is missing the Thawte Cross Root CA that links "thawte Primary Root CA" to "Thawte Premium Server CA".

Thanks for the suggestion, but I don't see that I ne

Re: Intermediate root CA's -- lost and confused :(

2010-09-14 Thread aerowolf
Remember that you need to include -showcerts in the s_client line to get it to dump certificates.

-Kyle H

On Mon, Sep 13, 2010 at 6:04 PM, Tim Hudson wrote:
> Also, gnutls-client works correctly and lists the entire CA chain, which would also seem to indicate the server is supplying them. C

Re: Intermediate root CA's -- lost and confused :(

2010-09-14 Thread Tim Hudson
> Also, gnutls-client works correctly and lists the entire CA chain, which would also seem to indicate the server is supplying them.

Connecting with openssl s_client as per the command you provided is not showing the certificate chain.

openssl s_client -verify 10 -CAfile /etc/ssl/certs/Thawt

Re: Intermediate root CA's -- lost and confused :( **SOLVED**

2010-09-13 Thread Crypto Sal
On 09/13/2010 10:12 PM, Paul B. Henson wrote: On Mon, 13 Sep 2010, Tim Hudson wrote: You need to correct your server configuration so that it correctly sends out the chain. Ok, I figured out what was wrong. I only had the SSLCertificateChainFile configured in the specific ssl virtual host, b

Re: Intermediate root CA's -- lost and confused :( **SOLVED**

2010-09-13 Thread Paul B. Henson
On Mon, 13 Sep 2010, Tim Hudson wrote:
> You need to correct your server configuration so that it correctly sends out the chain.

Ok, I figured out what was wrong. I only had the SSLCertificateChainFile configured in the specific ssl virtual host, but not the default ssl virtual host. When I add

Re: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Kyle Hamilton
On 9/13/10 2:58 PM, Paul B. Henson wrote: On Mon, 13 Sep 2010, Chris wrote: Be careful you are not checking the web server from a browser that has the intermediate certificate installed. I initially installed just the new cert on the web server, and the web browsers were generating cert secur

Re: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Mounir IDRASSI
Hi Paul,

Can you test the SSLCertificateChainFile instructions from the following site: http://www.cam.ac.uk/cs/tlscerts/deploying-thawte.html?

Your problem could come from the fact that your Apache SSLCertificateChainFile configuration is missing the Thawte Cross Root CA that links "thawte

Re: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Paul B. Henson
On Mon, 13 Sep 2010, Tim Hudson wrote:
> Try gnutls without the TLS extensions processing occurring and you will see that the server is not sending back the certificate chain:

Hmm, so the server isn't volunteering the chain, but if the client is smart enough to ask for it it will provide it :)?

Re: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Paul B. Henson
On Mon, 13 Sep 2010, Chris wrote:
> Be careful you are not checking the web server from a browser that has the intermediate certificate installed.

I initially installed just the new cert on the web server, and the web browsers were generating cert security errors. I then went back and added the

RE: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Paul B. Henson
On Mon, 13 Sep 2010, Ashish Thapliyal wrote:
> From the openssl s_client log it looks like the server is not sending the whole certificate chain. You should be seeing something like: cert>
>
> I am not familiar with apache, but from the documentation at http://www.apache-ssl.org/docs.html#

Re: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Chris
Be careful you are not checking the web server from a browser that has the intermediate certificate installed. Obtain the root certificate - and only the root certificate - that is likely to be present in a random user's browser and save it as thawte_root_cert.pem

openssl s_client -verify 10 -C

RE: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Ashish Thapliyal
Henson Sent: Monday, September 13, 2010 12:58 PM To: openssl-users@openssl.org Subject: Intermediate root CA's -- lost and confused :( We just installed our first Thawte cert that uses their intermediate CA's, and it's not going as smoothly as I'd like. It's installed on

Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Paul B. Henson
We just installed our first Thawte cert that uses their intermediate CA's, and it's not going as smoothly as I'd like. It's installed on an Apache server with mod_ssl, and I added the intermediate root CA's to the apache config with the SSLCACertificateFile directive. Web browsers seem happy with