System: Solaris running Apache 1.3.14, mod_ssl 2.7.1, openssl 0.9.6 with Verisign global server id installed.

Problem: Netscape Navigator 4.74 complains that it doesn't recognize the signer of the server cert.

I've followed the directions in mod_ssl for the global server id, and checked the openssl and mod_ssl list archives, but I can't figure out how to get Netscape to accept the cert as valid. Can anyone suggest a fix, or tell me how to install the intermediate CA cert manually in Netscape (so it's there the first time a user connects to my server)?

Details: I've installed server.crt (my Verisign global server id, created for Apache) where SSLCertificateFile points and ca.crt (the Verisign intermediate CA cert) where SSLCertificateChainFile points. Running make in my ssl.crt directory (to create the hash code links) gives me an error on the ca.crt file:

    unable to load certificate
    1938:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: TRUSTED CERTIFICATE

This doesn't seem to be the problem because Apache finds the file by name using SSLCertificateChainFile, and IE gets the intermediate cert correctly. In IE, I can see the certificate chain, root CA -> intermediate CA -> server, and everything validates correctly. So it seems that Apache is sending the intermediate cert, but NS ignores it.

At the moment the server name and the server cert CN are different, due to a temporary DNS config. Both browsers report that, but Netscape reports the signature problem first.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                             [EMAIL PROTECTED]
Automated List Manager                                [EMAIL PROTECTED]
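The `no start line` error quoted in the message is what OpenSSL's PEM reader returns when a file contains no `-----BEGIN ...-----` block of a certificate type, for instance because the file is DER-encoded or holds a PEM block of another type. The check below is an added example, not part of the original post and not OpenSSL or mod_ssl code: it classifies a certificate file's framing using only the Python standard library, and its function names and sample bytes are constructed for illustration.

```python
import base64
import re

# PEM labels OpenSSL's X.509 reader accepts; anything else ends in "no start line".
CERT_LABELS = {"CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE"}
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.+?)\r?\n-----END \1-----", re.S)


def classify_cert_file(data: bytes) -> dict:
    """Report the file's encoding and whether a PEM certificate reader can load it."""
    labels = [m.group(1).decode() for m in PEM_BLOCK.finditer(data)]
    if labels:
        encoding = "PEM"
    elif data[:1] == b"\x30":  # ASN.1 SEQUENCE tag: raw DER, no text armour
        encoding = "DER"
    else:
        encoding = "unknown"
    cert_count = sum(label in CERT_LABELS for label in labels)
    return {
        "encoding": encoding,
        "labels": labels,          # every PEM block type found, in file order
        "cert_count": cert_count,  # blocks a certificate reader would accept
        "loadable_as_pem_cert": cert_count > 0,
    }


def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> bytes:
    """Wrap DER bytes in PEM armour (base64, 64 characters per line),
    the same framing `openssl x509 -inform DER -outform PEM` writes."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (b"-----BEGIN " + label.encode() + b"-----\n"
            + b"\n".join(lines)
            + b"\n-----END " + label.encode() + b"-----\n")


# Constructed sample: an ASN.1 SEQUENCE header plus filler, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(200))

if __name__ == "__main__":
    for name, blob in [("raw DER", SAMPLE_DER),
                       ("PEM CERTIFICATE", der_to_pem(SAMPLE_DER)),
                       ("PEM PKCS7", der_to_pem(SAMPLE_DER, "PKCS7"))]:
        print(name, classify_cert_file(blob))
```

The check looks only at framing; it does not parse or validate the certificate itself.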