[Novalug] problem with new ssl certificate

Derek LaHousse dlahouss@mtu.edu
Wed Apr 15 11:23:41 EDT 2015


Are you willing to share the website address?  Maybe looking at it
from our perspectives can help.

On Wed, Apr 15, 2015 at 10:43 AM, Miles D. Oliver via Novalug
<novalug@firemountain.net> wrote:
> verify error:num=20:unable to get local issuer certificate
>
>
> Could that mean that it can't find the local certificate??  Is the path to
> it correct??
>
> On Wed, Apr 15, 2015 at 10:10 AM, covici--- via Novalug <
> novalug@firemountain.net> wrote:
>
>> Its apache 2.4.12, under linux gentoo kernel 3.6.6. I will reverse and
>> see if it fixes anything.
>> Nope, reversing the certs changed nothing.
>>
>> John Franklin <franklin@elfie.org> wrote:
>>
>> > Since you can reproduce the error with s_client, try reversing them.
>> >
>> > This shouldn't be the issue.  SSL libraries should be clever enough to
>> build s dictionary of certs first, then follow the chain, but I believe
>> John is right that it does sometimes matter.
>> >
>> > What specific versions (browser, version, OS) trigger it?
>> >
>> > jf
>> > --
>> > John Franklin
>> > franklin@elfie.org
>> >
>> >
>> >
>> > On Apr 15, 2015, at 9:32 AM, covici--- via Novalug <
>> novalug@firemountain.net> wrote:
>> >
>> > > I have the NetworkSolutionsDVServerCA.crt first and then the
>> > > AddTrustExternalCARoot.crt after that, is this the correct order?
>> > >
>> > > John Place via Novalug <novalug@firemountain.net> wrote:
>> > >
>> > >> I am assuming it has two chained certs, make sure the order is
>> > >> correct, that can burn you.
>> > >>
>> > >> Thanks
>> > >> John
>> > >>
>> > >>
>> > >>
>> > >> On 04/15/2015 01:59 AM, covici--- via Novalug wrote:
>> > >>> So how can I fix this, or should I get an ssl cert from somewhere
>> else?
>> > >>
>> > >> **********************************************************************
>> > >> The Novalug mailing list is hosted by firemountain.net.
>> > >>
>> > >> To unsubscribe or change delivery options:
>> > >> http://www.firemountain.net/mailman/listinfo/novalug
>> > >
>> > > --
>> > > Your life is like a penny.  You're going to lose it.  The question is:
>> > > How do
>> > > you spend it?
>> > >
>> > >         John Covici
>> > >         covici@ccs.covici.com
>> > > **********************************************************************
>> > > The Novalug mailing list is hosted by firemountain.net.
>> > >
>> > > To unsubscribe or change delivery options:
>> > > http://www.firemountain.net/mailman/listinfo/novalug
>> >
>>
>> --
>> Your life is like a penny.  You're going to lose it.  The question is:
>> How do
>> you spend it?
>>
>>          John Covici
>>          covici@ccs.covici.com
>>
>> **********************************************************************
>> The Novalug mailing list is hosted by firemountain.net.
>>
>> To unsubscribe or change delivery options:
>> http://www.firemountain.net/mailman/listinfo/novalug
>>
> **********************************************************************
> The Novalug mailing list is hosted by firemountain.net.
>
> To unsubscribe or change delivery options:
> http://www.firemountain.net/mailman/listinfo/novalug



More information about the Novalug mailing list