[Novalug] problem with new ssl certificate

Derek LaHousse dlahouss@mtu.edu
Wed Apr 15 11:55:53 EDT 2015


OpenSSL apparently cares about order, as well.  Firefox was showing me
the 5 certs, while s_client was only showing 3, and certs number 1 and
2 were out of order.  You need to fix em:
cat covici.com.pem netsolssl.pem usertrust.pem addtrust.pem UTN.pem >
serverbundle.pem

On Wed, Apr 15, 2015 at 11:53 AM,  <covici@ccs.covici.com> wrote:
> I just  used the ones network solutions gave me.  Maybe their bundle is
> defective.
>
> Derek LaHousse <dlahouss@mtu.edu> wrote:
>
>> You didn't mention the UserTrust RSA Certification Authority.  I see 5
>> certs, although depending on what's trusted as a "root", you may need
>> fewer.
>>
>> covici.com <- Network Solutions DV Server CA 2 <- USERTrust RSA
>> Certification Authority <- AddTrust External CA Root <- UTN - DATACorp
>> SGC.
>>
>> How many of those are in the bundle you're sending?
>>
>> On Wed, Apr 15, 2015 at 11:36 AM, John Covici via Novalug
>> <novalug@firemountain.net> wrote:
>> > Well, the cert is a different directive, do I need to put it in the
>> > chain as well?  I have never had to do that before.
>> >
>> > John Place via Novalug <novalug@firemountain.net> wrote:
>> >
>> >> My experience it has been your cert first...
>> >>
>> >> mydomain.com
>> >> somechain2
>> >> somechan1
>> >>
>> >> or as it typically shows in your browser under "show me the cert" do
>> >> the reverse...
>> >>
>> >> Hope this helps...
>> >>
>> >> John
>> >>
>> >> On 04/15/2015 09:32 AM, covici@ccs.covici.com wrote:
>> >> > I have the NetworkSolutionsDVServerCA.crt first and then the
>> >> > AddTrustExternalCARoot.crt after that, is this the correct order?
>> >>
>> >> **********************************************************************
>> >> The Novalug mailing list is hosted by firemountain.net.
>> >>
>> >> To unsubscribe or change delivery options:
>> >> http://www.firemountain.net/mailman/listinfo/novalug
>> >
>> > --
>> > Your life is like a penny.  You're going to lose it.  The question is:
>> > How do
>> > you spend it?
>> >
>> >          John Covici
>> >          covici@ccs.covici.com
>> > **********************************************************************
>> > The Novalug mailing list is hosted by firemountain.net.
>> >
>> > To unsubscribe or change delivery options:
>> > http://www.firemountain.net/mailman/listinfo/novalug
>
> --
> Your life is like a penny.  You're going to lose it.  The question is:
> How do
> you spend it?
>
>          John Covici
>          covici@ccs.covici.com



More information about the Novalug mailing list