> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Christopher Thorjussen > Sent: 26 November 2007 16:27 > To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list > Subject: RE: [rhelv5-list] FTP Client won't accept thawte SSL > cert in vsftpd > > >I suspect it is because the Thawte certificate which signed your > >certificate is an intermediary CA and not a root CA so it > doesn't exist > >as a trusted source on your clients. > > > >Can you translate the top line of the certificate error between the > >"Ukjent sertifikat" and the "Detaljer" please as my Norwegian is > >non-existent. > > > >-- > >Sam > > It means "Unknown certificate" and "Details". I've changed > the language > to English, and here is the picture again, this time in English: > http://img259.imageshack.us/img259/6756/20071126sslonftpcarrotnji1.jpg > > What options do I have if it's an intermediary CA? Should I > add another > certificate to their CA also?
Things to try: 1) put your cert and the cert for the Thawte CA together into one file and use that (literally 'cat' them together one after the other) 2) Try importing the CA Cert into your clients (I have no idea how to do this, usually trying to download it from Thawte is sufficient to generate a dialog in Windows) I'm relating this to the Apache world where if I have a SSL Cert signed by a root CA (like Verisign) I can just fill in SSLCertificateFile, but if I have a certificate signed by an intermediate CA (e.g GlobalSign Cybertrust) , I have to supply SSLCertificateFile and SSLCACertificateFile so that Apache can supply the intermediate CA which is then trusted by one of the global roots. Of course I could be way off base here, I don't actually use vsftpd. -- Sam _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
