[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS CA Chain Problem

--On Monday, October 12, 2009 10:36 PM +0200 Iruwen <iruwen@gmx.net> wrote:

Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=mydomain.de
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA
Limited/CN=PositiveSSL CA

I don't get it :(

Comodo's cert is signed by someone else, you have to add that issuer to the CA chain. And it changes periodically too, in my experience from using their certs. So you need to examine their CA cert, and find who signed it, and then add that to the chain.

For example, the one I was using at one time, was signed by the GTE CyberTrust CA, so I needed to have that cert in the chain in addition to comodo's.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration