[RndTbl] Browser not receiving entire certificate chain?

Wyatt Zacharias wyatt at magitech.ca
Fri Jun 12 14:18:52 CDT 2015


So we recently upgraded our SSL certificate to SHA256 to meet Google's
new security policies, and now we're getting very isolated incidents
where browsers do not trust the new certificate because they don't trust
the CA that issued them. It first started on a couple of our internal
workstations, but we now have a customer with the same issue. From what
I can see, it looks like the browser is not seeing the first certificate
in the chain, which is the Verisign root certificate, and then it
doesn't trust the rest of the chain.

Here's what our correct chain looks like:
[image: Inline image 1]

And here's what I see on the clients with the error:
[image: Inline image 2]

Could it be an issue on the Apache end, or maybe an obscure issue with
Internet Explorer? It's odd that I don't even see the first certificate
in the chain marked as invalid, I just don't see a certificate at all.

If anyone cares to give it a try for themselves:
https://www.mb.bluecross.ca
Let me know if you get an error.

--
Wyatt Zacharias
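
One way to separate the two possibilities raised in the question (the server end versus the client end), as an added example that is not part of the original post. It assumes a chain with one intermediate, builds a constructed root, intermediate and leaf with the openssl CLI, and reports the depth at which verification stops; every certificate name in it is made up.

```shell
#!/bin/sh
# Constructed PKI: root -> intermediate -> leaf, plus an unrelated root.
# All names are made up; nothing here contacts a real server.

# mkcert NAME ISSUER ca|leaf : NAME.pem signed by ISSUER (NAME = self-signed)
mkcert() {
    name=$1 issuer=$2 kind=$3
    openssl req -new -newkey rsa:2048 -nodes -keyout "$name.key" \
        -subj "/CN=Constructed $name" -out "$name.csr" 2>/dev/null || return 1
    if [ "$name" = "$issuer" ]; then signer="-signkey $name.key"
    else signer="-CA $issuer.pem -CAkey $issuer.key -set_serial 1"; fi
    if [ "$kind" = ca ]; then ext="-extfile ca.ext"; else ext=""; fi
    # $signer and $ext are left unquoted on purpose so they split into options
    openssl x509 -req -in "$name.csr" -days 2 $signer $ext \
        -out "$name.pem" 2>/dev/null
}

# verify_as TRUSTED_ROOT [SENT_INTERMEDIATE]
# Verifies leaf.pem as a client that trusts TRUSTED_ROOT and received the
# optional intermediate from the server. Prints OK or fail-depth-N, where N is
# the chain depth whose issuer could not be found (0 = the leaf itself).
verify_as() {
    out=$(openssl verify -CAfile "$1" ${2:+-untrusted "$2"} leaf.pem 2>&1) || :
    case $out in
        *": OK"*) echo OK ;;
        *) echo "fail-depth-$(printf '%s\n' "$out" |
               sed -n 's/.* at \([0-9]*\) depth lookup.*/\1/p' | head -n 1)" ;;
    esac
}

chain_demo() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" || exit 1
      printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
      mkcert root root ca && mkcert otherroot otherroot ca &&
          mkcert intermediate root ca && mkcert leaf intermediate leaf || exit 1
      echo "complete=$(verify_as root.pem intermediate.pem)"
      echo "server_omits_intermediate=$(verify_as root.pem)"
      echo "client_lacks_root=$(verify_as otherroot.pem intermediate.pem)" )
    rc=$?; rm -rf "$dir"; return $rc
}

chain_demo
```

A failure at depth 0 means the leaf's issuer was never supplied, which is a server-side chain problem; a failure at depth 1 means the intermediate arrived but the client has no matching root. Against a live server, `openssl s_client -connect HOST:443 -showcerts` lists the certificates the server actually sends.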