tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Can APR use verisign certs ?
Date Wed, 10 Jan 2007 03:54:12 GMT

"robert lazarski" <robertlazarski@gmail.com> wrote in message 
news:f87675ee0701091918w30723123pf83e19d191b7e505@mail.gmail.com...
> On 1/9/07, Bill Barker <wbarker@wilshire.com> wrote:
>> > https://dpt.alphatheory.com/
>> >
>>
>> You have the expired intermediate cert for Verisign.  As a result, the
>> browser can't verify you because it thinks that the cert that signed 
>> yours
>> has expired.  You need to get the new one from Verisign and import that 
>> one
>> instead.
>>
>
> I had two issues: one for an invalid date (that no one else saw) due
> to to a locale issue I think - interveting day and month - and another
> with the error "The security certificate was issued by a company that
> is not trusted" only on firefox 1.5 . Which issue are you referring to
> has " expired intermediate cert" ? The latter "company that is not
> trusted" is unacceptable to us and needs to be solved somehow.
>

Now, with IE 7 (I was using 6 before), the page comes up fine.  This means 
that you probably aren't sending the intermediate cert, and the browser is 
just using the one that it has.

If you do "view certificates" and go to the "certification path" tab (at 
least for IE, I don't have FF here), you will see three certs in the chain. 
Older browsers are going to show the middle one as expired, and hence no 
good.  Hence you should download the good cert from VS and point to it with 
the "SSLCertificateChainFile" attribute.

> Thanks!
> Robert
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
> 




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message