I need help solving the following problem I have recently obtained and installed a secure certificate from VeriSign. However, vistors to my site still get an error message stating that we are using a certificate signed by an untrusted CA. Netscape and Mozilla users are alerted by pop-up while IE users would only notice the error if they explore the certificate by clicking the 'lock' icon.
This is the information provided by "Issuer" under the "Details" tab of "Certificate Information" in IE6/Win98, the same information is provided by Mozilla 1.0.1/RH7.3 OU = www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign OU = VeriSign International Server CA - Class 3 OU = VeriSign, Inc. O = VeriSign Trust Network I have installed the certificate and the intermediate certificate per modssl intructions and verified installation with VeriSign instructions but visitors to my site still get an error that the cert has been signed by an untrusted CA. However, the properties of the cert reveal that the issuer is indeed VeriSign Trust Network. VeriSign support has told me that it is an installation error, and that the cert is not "Chaining." My installation: I received the cert from Verisign as an email attachment and saved the cert to: $APACHE_HOME/conf/ssl.crt/server.crt. I then visited the VeriSign web site copied and pasted the intermediate cert into a text editor (gEdit) and saved the file to $APACHE_HOME/conf/ssl.crt/ca.crt. I updated my conf with the following directives: <VirtualHost MY_IP:443> ... SSLCertificateFile conf/ssl.crt/server.crt SSLCertificateKeyFile conf/ssl.key/server.key SSLCACertificateFile conf/ssl.crt/ca.crt SSLProtocol -all +SSLv2 SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP </VirtualHos> Apache was then restarted $APACHE_HOME/bin/apachectl stop $APACHE_HOME/bin/apachectl startssl. I have even tried recompling Apache and used `make certifcate TYPE=existing` I am using: RH 7.1 Apache 1.3.27 openssl-0.9.6e mod_ssl-2.8.12-1.3.27 Has anyone else experienced this or can they point out any errors with my process? Thanks ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]