On 1/10/07, Bill Barker <[EMAIL PROTECTED]> wrote:
In all the gory details, it seems that at the moment the app in question is only sending it's own cert back to the browser (instead of the entire chain). However all browsers recognize Verisign's cert as a signer, so they don't care. Older browsers (or JDKs :) will have the expired copy of VS's intermediate cert, and so can't validate the cert chain anymore, and so will give an error (those of us using Apache Httpd have had this problem for awhile now :). The solution is to force TC to send the newer intermediate cert back with the handshake, so the browser/JDK only has to find the root VS cert.
I think I fixed this via the SSLCertificateChainFile param and the immediary cert from verisign . So on my tests, ie6 , firefox 1.5 and firefox 2.0 . Could I please get some independant verification for this site before I tell my company its working? https://dpt.alphatheory.com/ Great community here , the help has been greatly appreciated!!! Robert --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
