>> It means "Unknown certificate" and "Details". I've changed >> the language >> to English, and here is the picture again, this time in English: >> http://img259.imageshack.us/img259/6756/20071126sslonftpcarrotnji1.jpg >> >> What options do I have if it's an intermediary CA? Should I >> add another >> certificate to their CA also? > >Things to try: > >1) put your cert and the cert for the Thawte CA together into one file >and use that (literally 'cat' them together one after the other)
I've tried but it did not look like it made any difference. I've tried with both an thawte intermediate cert and the server cert, no luck. >2) Try importing the CA Cert into your clients (I have no idea how to do >this, usually trying to download it from Thawte is sufficient to >generate a dialog in Windows) This is probably what I'm trying not to do. I could tell my customers to just say "OK" to the warning but that's not a professional solution. > >I'm relating this to the Apache world where if I have a SSL Cert signed >by a root CA (like Verisign) I can just fill in SSLCertificateFile, but >if I have a certificate signed by an intermediate CA (e.g GlobalSign >Cybertrust) , I have to supply SSLCertificateFile and >SSLCACertificateFile so that Apache can supply the intermediate CA which >is then trusted by one of the global roots. Apache is normally no problem. I've used several SSL123 sertificates with Apache and Tomcat. >Of course I could be way off base here, I don't actually use vsftpd. I find it a bit strange that nobody else have done this kind of setup (vsftpd + valid ssl) and posted a guide on the net (I've googled this for hours and hours). > >-- >Sam /Christopher _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
