Re: whichever certificate loading first wins

2014-05-03 Thread Rob Stradling
On 02/05/14 15:38, foxtrot wrote:
> 3) Here is the new cert we are trying to introduce (sales.1d.qb.com)
> Certificate:
>     Data:
>         Version: 1 (0x0)

X.509v1 rather than X.509v3. Could that be the problem?

-- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust O

RE: whichever certificate loading first wins

2014-05-02 Thread Michael Wojcik
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of foxtrot
> Sent: Friday, 02 May, 2014 11:47
>
> I open my browser on my client windows workstation. I open the URL to
> webserver1 and the certificate on that server shows a green lock, no
> warnings..

RE: whichever certificate loading first wins

2014-05-02 Thread Michael Wojcik
Maybe I'm missing something, but:

- The app server cert is not signed by the CA cert, so there's no point in sending the CA cert as part of the chain for that server.
- The app server cert isn't self-signed, either (contrary to what the original message claimed).
- The new cert is an X.509v1 c

Re: whichever certificate loading first wins

2014-05-02 Thread foxtrot
I open my browser on my client windows workstation. I open the URL to webserver1 and the certificate on that server shows a green lock, no warnings...allows me access. I open a 2nd browser tab with the URL of webserver2 and I get an SSL Error and cannot get there...not even a warning...just canno

Re: whichever certificate loading first wins

2014-05-02 Thread Viktor Dukhovni
On Thu, May 01, 2014 at 02:37:59PM -0700, foxtrot wrote:
> However, we are unable to get
> both certificates to work at the same time. If we load one of them first it
> works but the other will not load (fails). We can't seem to understand why
> whichever SSL is the 2nd to be read fails.

Though

RE: whichever certificate loading first wins

2014-05-02 Thread Salz, Rich
Nothing jumps out at me, sorry. Hopefully others will find something. -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me; Twitter: RichSalz

Re: whichever certificate loading first wins

2014-05-02 Thread foxtrot
no. I posted the text versions of our CA and both certs.

RE: whichever certificate loading first wins

2014-05-02 Thread foxtrot
Here are the text outputs of the certs:

1) app server cert (not the new server)

    Data:
        Version: 3 (0x2)
        Serial Number: 242 (0xf2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Texas, O=QBI, OU=Information Technology, CN=QB Root CA
        Validity

RE: whichever certificate loading first wins

2014-05-02 Thread Salz, Rich
> We have a webserver with an SSL self-signed certificate that uses our company
> CA cert in its chain

I can't parse that -- either it's self-signed (usually only done by root CA's), or it's using an internal company CA. Can you post "x509 -text" for both certs?

/r$

-- Principal Se

Re: whichever certificate loading first wins

2014-05-02 Thread Kyle Hamilton
Did you give them the same serial number? Because that will break things.

On Thu, May 1, 2014 at 2:37 PM, foxtrot wrote:
> We have a webserver with an SSL self-signed certificate that uses our company
> CA cert in its chain to authenticate along with a user certificate on the
> client browse