Hmm...I hope I am not displaying gross ignorance here, but I
am really confused by what I just saw. I was always under the
impression that SSL clients looked at a few things in a signed
certificate to be able to find the root CA that supposedly
issued the cert, and that one of these things was Issuer Name.
But the issuer name in this cert doesn't come close to matching
any issuer name I've seen from Verisign - hence the browser
(I think) is rejecting it. My confusion: Verisign sure should
know about that, and really shouldn't be changing the issuer
name like that for a typical server cert.
Below is the issuer line in your certificate
/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International
Ser
ver CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY
LTD.(c)97 Veri
Sign
(or use http://www.e-softinc.com/probe/probe.html to get data if
you don't want to use openssl's command line utilities)
Below is what Verisign's server cert issuer line used to look like.
(Extracted from a site with a Versign cert issued in August 1999)
issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
And if I look into my browser and examine the signer certs in there,
there is nothing with "Verisign Trust Network" in it at all.
So, that leads back to wondering exactly what kind of certificate
was purchased? I'd say you have good cause to at least go back to
Verisign and ask for some help, telling them the cert is successfully
installed and functioning in the web server side of things without
problems, but that you are wondering why you can't get the cert to be
recognized in the browser. (Not an Apache problem!)
Of course, I may be missing something obvious here, but then am
always willing to learn :)
Cheers, Thomas
"DERMINIO, MARLENE" wrote:
>
> >What is the URL of the offending server so we can take a look?
>
> https://mohost.moric.org/secret2.html
>
> ********************************************
> Marlene Derminio
> Mohawk Regional Information Center
> Phone: (315) 361-5760 Fax: (315) 361-5566
> [EMAIL PROTECTED]
> ********************************************
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
------------------------------------------------------------
Thomas Reinke Tel: (905) 331-2260
Director of Technology Fax: (905) 331-2504
E-Soft Inc. http://www.e-softinc.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]