You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tovo Gianluca <gi...@telecomitalia.it> on 2004/03/09 10:42:39 UTC
[users@httpd] RE: Certificate not recognized by browsers
Hi Ronald,
it seems that you just didn't show your intermediate CA certificate to the server.
Here your three certs, root (IPS SERVIDORES), CA (ipsCA A1), server (server).
Root and server is OK, but your server should propose also the intermediate CA to the client so it can resolve the entire cert path.
Check the CA cert statement in config file.
Bye
Gianluca Tovo
Telecom Italia Information Technology S.p.A.
OSS&VAS Solutions - IT Security Products & Services
S.S.148 Pontina, Km 29.100 00040 Pomezia (RM)
phone +39 06 91197426
fax +39 06 91197331
mobile +39 335 5792708
> -----Original Message-----
> Date: Mon, 8 Mar 2004 11:00:30 -0800
> To: users@httpd.apache.org
> From: fjan245@superiorshelving.com
> Subject: [OT] Certificate not recognized by browsers
> Message-Id:
> <DE...@superiorshelving.com>
>
> Hi All,
>
> I realize this is not an Apache problem, but I was hoping someone
> could point me in the right direction. We got a secure certificate
> from ipsCA and it refuses to be recognized by IE, Netscape, Mozilla,
> and Camino. According to their web site, the intermediate
> certificate
> must not be installed incorrectly, but I'm 99.9% sure that it is.
>
> Is there a problem with certs from ipsCA? They are listed in the
> Security preference panel in IE, so they should be legit. Or
> is it a
> problem with intermediate certificates in general? If it is, what
> would be the point of buying one, if the majority of browsers
> complain?
>
> If anyone wants to see it for themselves, here is the link:
> http://www.nexelshelving.com/cgi-bin/surfshop1/shop.cgi?
> c=start.htm&storeid=1
>
> Put something in the cart and click the check out button to see the
> message. Do not complete the checkout process, that is, of
> course, you
> want to buy some shelving! =;)
>
> We're running Apache 2.0.48 on Mac OX 10.3.1. I'm
> desperate. Our
> bank is holding our funds until we get rid of the error message that
> pops up in the browser. If someone can help us out, I'd be
> extremely
> grateful.
>
> Ronald
>
> ------------------------------
--------------------------------------------------------------------
CONFIDENTIALITY NOTICE
This message and its attachments are addressed solely to the persons
above and may contain confidential information. If you have received
the message in error, be informed that any use of the content hereof
is prohibited. Please return it immediately to the sender and delete
the message. Should you have any questions, please contact us by
replying to webmaster@telecomitalia.it.
Thank you
www.telecomitalia.it
--------------------------------------------------------------------
Re: [users@httpd] RE: Certificate not recognized by browsers
Posted by fj...@superiorshelving.com.
Salve Gianluca,
> it seems that you just didn't show your intermediate CA certificate to
> the server.
That's what I thought, too, but according to ipsCA's testing web page
<< http://certs.ipsca.com/checkserver/ >>, everything appears to be
O.K.
> Here your three certs, root (IPS SERVIDORES), CA (ipsCA A1), server
> (server).
> Root and server is OK, but your server should propose also the
> intermediate CA to the client so it can resolve the entire cert path.
According to ipsCA <<
http://certs.ipsca.com/Support/CSRApache-MOD-SSL.asp >>, Apache users
only need two certs [one of them is a bundled cert]. I've installed
both, along with my key, and I _think_ I've done it correctly, but you
never know. I'm still new to this.
> Check the CA cert statement in config file.
Here that section from my ssl.conf file:
<VirtualHost secure.nexelshelving.com:443>
# General setup for the virtual host
DocumentRoot "/etc/apache/htdocs/nexelshelving"
#ServerName has to match the server you entered into the CSR
ServerName secure.nexelshelving.com:443
ServerAdmin you@your.address
ErrorLog /etc/apache/logs/ssl/nexelshelving/ssl_engine_log
TransferLog /etc/apache/logs/access_log
SSLEngine on
SSLProtocol all -SSLv3
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateKeyFile /etc/apache/ssl/certs/server.key
SSLCertificateFile /etc/apache/ssl/private/server.crt
SSLCertificateChainFile /etc/apache/ssl/private/IPS-IPSCABUNDLE.crt
</VirtualHost>
Thanks,
Robert
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org