Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Verign Certificate Authority name not recognized

67 views
Skip to first unread message

same...@gmail.com

unread,
Dec 3, 2007, 3:27:36 AM12/3/07
to
Hi,

Our sites SSL certificate contains following information

Common Name (CN): VeriSign Class 3 Secure Server CA
Organization (O): VeriSign, Inc.
Organizational Unit (OU): VeriSign Trust Network

This certificate is not accepted by FireFox 2.0.0.x (FF) and Netscape
Navigator (NN). I did not find exact match in trusted authorities tab
of FF/NN

Is there any plan to include this common name in FF by default? Or
should we re-obtain our certificate?

(Our cert works fine in IE 6.x)

Thanks,
Sameer

Hasse

unread,
Dec 3, 2007, 12:36:58 PM12/3/07
to
In article <e6b011a0-c52b-4d6d-ab01-
e4f9c0...@s12g2000prg.googlegroups.com>, wrote...

As far as I know, "VeriSign Class 3 Secure Server CA" is not a root
certificate, but an intermediate certificate that you must install on
your server. See
http://www.verisign.com/support/advisories/page_040611.html



> (Our cert works fine in IE 6.x)

Perhaps you have previously visited another correctly configured web
server? I believe IE caches intermediate certificates it encounters.

--
Hasse

same...@gmail.com

unread,
Dec 7, 2007, 3:29:16 PM12/7/07
to
On Dec 3, 9:36 am, Hasse <ha...@jasajudeju.se> wrote:
> In article <e6b011a0-c52b-4d6d-ab01-
>
> e4f9c0e1f...@s12g2000prg.googlegroups.com>, wrote...

> > Hi,
>
> > Our sites SSL certificate contains following information
>
> > Common Name (CN): VeriSign Class 3 Secure Server CA
> > Organization (O): VeriSign, Inc.
> > Organizational Unit (OU): VeriSign Trust Network
>
> > This certificate is not accepted by FireFox 2.0.0.x (FF) and Netscape
> > Navigator (NN). I did not find exact match in trusted authorities tab
> > of FF/NN
>
> > Is there any plan to include this common name in FF by default? Or
> > should we re-obtain our certificate?
>
> As far as I know, "VeriSign Class 3 Secure Server CA" is not a root
> certificate, but an intermediate certificate that you must install on
> your server. Seehttp://www.verisign.com/support/advisories/page_040611.html

>
> > (Our cert works fine in IE 6.x)
>
> Perhaps you have previously visited another correctly configured web
> server? I believe IE caches intermediate certificates it encounters.
>
> --
> Hasse

Thanks for your reply. Our team solved this issue by using following
method

SSLCertificateFile server-prod.crt
SSLCertificateKeyFile server-prod.key
SSLCACertificateFile verisign.key

We appended contents of server-prod.crt to verisign.key and used
resulting file as SSLCACertificateFile. Then FF/NN stopped giving any
pop-up. Is this a valid/recommended/documented fix?

Thanks,
Sameer

Hasse

unread,
Dec 8, 2007, 4:08:06 AM12/8/07
to
In article <0d505975-53cd-41ab-b386-
b61711...@b1g2000pra.googlegroups.com>, wrote...

Sorry, I don't know. But VeriSign support ought to be able to help you
with that.

--
Hasse

0 new messages