[Novalug] problem with new ssl certificate
Derek LaHousse
dlahouss@mtu.edu
Wed Apr 15 11:55:53 EDT 2015
OpenSSL apparently cares about order, as well. Firefox was showing me
the 5 certs, while s_client was only showing 3, and certs number 1 and
2 were out of order. You need to fix em:
cat covici.com.pem netsolssl.pem usertrust.pem addtrust.pem UTN.pem >
serverbundle.pem
On Wed, Apr 15, 2015 at 11:53 AM, <covici@ccs.covici.com> wrote:
> I just used the ones network solutions gave me. Maybe their bundle is
> defective.
>
> Derek LaHousse <dlahouss@mtu.edu> wrote:
>
>> You didn't mention the UserTrust RSA Certification Authority. I see 5
>> certs, although depending on what's trusted as a "root", you may need
>> fewer.
>>
>> covici.com <- Network Solutions DV Server CA 2 <- USERTrust RSA
>> Certification Authority <- AddTrust External CA Root <- UTN - DATACorp
>> SGC.
>>
>> How many of those are in the bundle you're sending?
>>
>> On Wed, Apr 15, 2015 at 11:36 AM, John Covici via Novalug
>> <novalug@firemountain.net> wrote:
>> > Well, the cert is a different directive, do I need to put it in the
>> > chain as well? I have never had to do that before.
>> >
>> > John Place via Novalug <novalug@firemountain.net> wrote:
>> >
>> >> My experience it has been your cert first...
>> >>
>> >> mydomain.com
>> >> somechain2
>> >> somechan1
>> >>
>> >> or as it typically shows in your browser under "show me the cert" do
>> >> the reverse...
>> >>
>> >> Hope this helps...
>> >>
>> >> John
>> >>
>> >> On 04/15/2015 09:32 AM, covici@ccs.covici.com wrote:
>> >> > I have the NetworkSolutionsDVServerCA.crt first and then the
>> >> > AddTrustExternalCARoot.crt after that, is this the correct order?
>> >>
>> >> **********************************************************************
>> >> The Novalug mailing list is hosted by firemountain.net.
>> >>
>> >> To unsubscribe or change delivery options:
>> >> http://www.firemountain.net/mailman/listinfo/novalug
>> >
>> > --
>> > Your life is like a penny. You're going to lose it. The question is:
>> > How do
>> > you spend it?
>> >
>> > John Covici
>> > covici@ccs.covici.com
>> > **********************************************************************
>> > The Novalug mailing list is hosted by firemountain.net.
>> >
>> > To unsubscribe or change delivery options:
>> > http://www.firemountain.net/mailman/listinfo/novalug
>
> --
> Your life is like a penny. You're going to lose it. The question is:
> How do
> you spend it?
>
> John Covici
> covici@ccs.covici.com
More information about the Novalug
mailing list