Re: VeriSign certificate returning "not issued by trusted certificate authority" in all browsers
Posted by TrevorH on 2012/3/16 16:37:36
Is it using the correct certificate? Try running
and check the details of the certificate that is being used.
openssl s_client -connect www.customer.com:443
and check the details of the certificate that is being used.
VeriSign certificate returning "not issued by trusted certificate authority" in all browsers
Posted by tinawalt on 2012/3/16 2:10:06
I obtained security certificate from VeriSign for client connection to the customer web apache server. Below is the Issuer tag line from the www.customer.com.pem file.
issuer=CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
I have tried several things to get the certificate to validate.
Added the following to the httpd.conf file in my <VirtualHost> … </VirtualHost> definition
# SSL Certs
SSLEngine ON
SSLCertificateFile /etc/pki/tls/private/www.customer.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.customer.com.key
SSLCertificateChainFile /etc/pki/tls/private/www.customer.com.crt
Since the ssl.conf file has a statement in it for SSLCACertificateFile
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
I concatenated the www.customer.com.pem >> /etc/pki/tls/certs/ca-bundle.crt and verified that apache was ok with the configuration by running
# /usr/sbin/apachectl –t
Syntax OK
I then restarted httpd
/etc/init.d/httpd restart
And still the certificate returns when accessing https://www.customer.com the error of ‘not issued by trusted certificate authority”.
The pertinent packages I have installed is
Installed Packages
httpd.x86_64 2.2.15-15.el6.centos.1 @updates
httpd-tools.x86_64 2.2.15-15.el6.centos.1 @updates
mod_ssl.x86_64 1:2.2.15-15.el6.centos.1 @updates
openssl.x86_64 1.0.0-20.el6_2.2 @updates
openssl-devel.x86_64 1.0.0-20.el6_2.2 @updates
At this point I’m not sure what else I can do. Can you please tell me if I’m missing a package that will assist in SSLCACertificateFile or SSLCertificateChainFile verification? Is there a patch that needs to be installed? Am I missing something in one of my conf files?
Any assistance is greatly appreciated.
Thank you,
--tinawalt
issuer=CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
I have tried several things to get the certificate to validate.
Added the following to the httpd.conf file in my <VirtualHost> … </VirtualHost> definition
# SSL Certs
SSLEngine ON
SSLCertificateFile /etc/pki/tls/private/www.customer.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.customer.com.key
SSLCertificateChainFile /etc/pki/tls/private/www.customer.com.crt
Since the ssl.conf file has a statement in it for SSLCACertificateFile
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
I concatenated the www.customer.com.pem >> /etc/pki/tls/certs/ca-bundle.crt and verified that apache was ok with the configuration by running
# /usr/sbin/apachectl –t
Syntax OK
I then restarted httpd
/etc/init.d/httpd restart
And still the certificate returns when accessing https://www.customer.com the error of ‘not issued by trusted certificate authority”.
The pertinent packages I have installed is
Installed Packages
httpd.x86_64 2.2.15-15.el6.centos.1 @updates
httpd-tools.x86_64 2.2.15-15.el6.centos.1 @updates
mod_ssl.x86_64 1:2.2.15-15.el6.centos.1 @updates
openssl.x86_64 1.0.0-20.el6_2.2 @updates
openssl-devel.x86_64 1.0.0-20.el6_2.2 @updates
At this point I’m not sure what else I can do. Can you please tell me if I’m missing a package that will assist in SSLCACertificateFile or SSLCertificateChainFile verification? Is there a patch that needs to be installed? Am I missing something in one of my conf files?
Any assistance is greatly appreciated.
Thank you,
--tinawalt
This Post was from: https://www.centos.org/newbb/viewtopic.php?forum=59&topic_id=36418