Re: [RADIATOR] Certificate Not Trusted - InCommon? [EXT]

Wed, 02 Jun 2021 06:56:01 -0700 

Hi Roberto,

That issuing certificate is an intermediate that is actually signed by:

Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, 
CN=USERTrust RSA Certification Authority

So the USERTrust RSA Certification Authority certificate will be the one that 
most devices will actually know about by default.

You should send the InCommon RSA Server CA certificate as part of the chain 
along with your own server certificate.

Hope that helps.

Regards,

Martin.


> On 1 Jun 2021, at 16:35, Ullfig, Roberto Alfredo <rull...@uic.edu> wrote:
> 
> This has always been an issue for us. Whenever a user connects for the first 
> time they get "certificate not trusted". Is this because the certificate is 
> issued by:
> 
>         Issuer: C=US, ST=MI, L=Ann Arbor, O=Internet2, OU=InCommon, 
> CN=InCommon RSA Server CA
> 
> So, most (maybe all) devices do not install the InCommon CA? What's the best 
> solution for this? Should users manually install the InCommon CA first before 
> connecting?
> 
> ---
> Roberto Ullfig - rull...@uic.edu <mailto:rull...@uic.edu>
> Systems Administrator
> Enterprise Applications & Services | Technology Solutions
> University of Illinois - Chicago
> _______________________________________________
> radiator mailing list
> radiator@lists.open.com.au <mailto:radiator@lists.open.com.au>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.open.com.au_mailman_listinfo_radiator&d=DwICAg&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=Pmm7Evpg3H5MI4_C7ltAOg&m=gpK8hUbtc7SYuPwiGksef-6z7s8D3bO5h8YLGiUCRXs&s=wsBerJ1VkDD_cN-nV1KQo2Lm8pvP6TxJ21eWRsaRSm4&e=
>  
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.open.com.au_mailman_listinfo_radiator&d=DwICAg&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=Pmm7Evpg3H5MI4_C7ltAOg&m=gpK8hUbtc7SYuPwiGksef-6z7s8D3bO5h8YLGiUCRXs&s=wsBerJ1VkDD_cN-nV1KQo2Lm8pvP6TxJ21eWRsaRSm4&e=>

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator

Reply via email to