[Novalug] problem with new ssl certificate

John Franklin franklin@elfie.org
Wed Apr 15 10:02:53 EDT 2015


Since you can reproduce the error with s_client, try reversing them.  

This shouldn't be the issue.  SSL libraries should be clever enough to build s dictionary of certs first, then follow the chain, but I believe John is right that it does sometimes matter.

What specific versions (browser, version, OS) trigger it?

jf
-- 
John Franklin
franklin@elfie.org



On Apr 15, 2015, at 9:32 AM, covici--- via Novalug <novalug@firemountain.net> wrote:

> I have the NetworkSolutionsDVServerCA.crt first and then the
> AddTrustExternalCARoot.crt after that, is this the correct order?
> 
> John Place via Novalug <novalug@firemountain.net> wrote:
> 
>> I am assuming it has two chained certs, make sure the order is
>> correct, that can burn you.
>> 
>> Thanks
>> John
>> 
>> 
>> 
>> On 04/15/2015 01:59 AM, covici--- via Novalug wrote:
>>> So how can I fix this, or should I get an ssl cert from somewhere else?
>> 
>> **********************************************************************
>> The Novalug mailing list is hosted by firemountain.net.
>> 
>> To unsubscribe or change delivery options:
>> http://www.firemountain.net/mailman/listinfo/novalug
> 
> -- 
> Your life is like a penny.  You're going to lose it.  The question is:
> How do
> you spend it?
> 
>         John Covici
>         covici@ccs.covici.com
> **********************************************************************
> The Novalug mailing list is hosted by firemountain.net.
> 
> To unsubscribe or change delivery options:
> http://www.firemountain.net/mailman/listinfo/novalug




More information about the Novalug mailing list