[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS CA Chain Problem

To: Iruwen <iruwen@gmx.net>, openldap-technical@openldap.org
Subject: Re: TLS CA Chain Problem
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Mon, 12 Oct 2009 13:55:42 -0700
Content-disposition: inline
In-reply-to: <4AD39334.6070404@gmx.net>
References: <4AD328DE.1040704@gmx.net> <4ABAC4B5D3DE72EE651103C3@[192.168.1.199]> <C39BDC1D33C64045C039F0D4@[192.168.1.199]> <4AD39334.6070404@gmx.net>

--On Monday, October 12, 2009 10:36 PM +0200 Iruwen <iruwen@gmx.net> wrote:

---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=mydomain.de
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA
Limited/CN=PositiveSSL CA

I don't get it :(

Comodo's cert is signed by someone else, you have to add that issuer to theCA chain. And it changes periodically too, in my experience from usingtheir certs. So you need to examine their CA cert, and find who signed it,and then add that to the chain.

For example, the one I was using at one time, was signed by the GTECyberTrust CA, so I needed to have that cert in the chain in addition tocomodo's.


--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: TLS CA Chain Problem
  - From: Howard Chu <hyc@symas.com>

References:
- TLS CA Chain Problem
  - From: Iruwen <iruwen@gmx.net>
- Re: TLS CA Chain Problem
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: TLS CA Chain Problem
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: TLS CA Chain Problem
  - From: Iruwen <iruwen@gmx.net>

Prev by Date: Re: TLS CA Chain Problem
Next by Date: Re: TLS CA Chain Problem
Index(es):
- Chronological
- Thread