- From: Yngve Nysaeter Pettersen <yngve@opera.com>
- Date: Wed, 14 Mar 2007 15:43:41 +0100
- To: "Timothy Hahn" <hahnt@us.ibm.com>, public-wsc-wg@w3.org
Hello Tim, On Wed, 14 Mar 2007 15:01:23 +0100, Timothy Hahn <hahnt@us.ibm.com> wrote: > On page load - Firefox popped up a message telling me it didn't like the > company's Server certificate!!! So I investigated. The indication was > that the cert was signed by an unknown signer. So I looked at the signer > information. It said "Verisign Class 3 ..." from "Verisign. Inc.". > > So I looked at my set of known CA signer certificates ... I have 3 (count > 'em 3) Verisign Class 3 CA signer certificates known to my Firefox > install. > > So how could it be that I don't have the "right one"? (actually, I know > how it could be - Verisign created a new one, and I didn't know I was > supposed to go out and get it ... or I have a Firefox install that hadn't > had the right CA signer's update applied). > > Everything looks right ... even to my eyes which ought to know better ... > what could possibly be the issue? You may have encountered a website that is missing the Intermediate CA certificate from Versign. AFAIK, Verisign class 3 certs are usually organized subscriber->intermediate->root . What happens in some cases is that IE will download the intermediate if it is missing and there is a URL (the AIA attribute) in the site certificate, which means it will not complain. AFAIK Mozilla (and Opera) does not do this, which means that we are not able to complete the chain, and pop up a certificate warning This is a configuration issue on the server. -- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: yngve@opera.com Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ********************************************************************
Received on Wednesday, 14 March 2007 14:47:19 UTC