We had the same problem and found that Verisign G5 root certificate has to be added to the local database NSS DB. To do this follow the steps below:
1) Download entire "Verisign root package" from http://www.verisign.com/support/roots.html 2) Extract to a particular folder and add "VeriSign Class 3 Public Primary Certification Authority - G5.cer" to your database. This problem is occurring because for certificate has verified and all the intermediate issues also needs to be verified. Looks Verisign 2010 certificate is new one. Radek Voltr wrote: > > Hello > > we get new certificate from VeriSign and I have problem with usage. > Old certs work correctly (VeriSign and Thawte) but new one don't > work. > > I am getting this : > Issued by: VeriSign Class 3 Code Signing 2010 CA - VeriSign, Inc. > Expires: Sat Mar 08, 2014 > ++ Error ++ THIS CERTIFICATE IS NOT VALID (Certificate Authority > certificate invalid) > >>signtool -L -d . > > S Certificates > - ------------ > * NSS Certificate DB:PvkTmp:bf3232b2-5536-4cde-98a8-cd0c2cedccef > VeriSign > VeriSign Class 3 Code Signing 2010 CA - VeriSign, Inc. > - ------------ > Certificates that can be used to sign objects have *'s to their left. > > > This is on newly build NSS without built-in CA's but with built-in is > results identical. > > Can somebody help me with this issue ? > _______________________________________________ > dev-security mailing list > dev-security@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security > > -- View this message in context: http://old.nabble.com/Verisign-Certificate-is-not-accepted-for-codesign-tp31212632p31988233.html Sent from the Mozilla - Security mailing list archive at Nabble.com. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
