David C. Rankin wrote:
On 11/03/2014 09:08 AM, Per Jessen wrote:
Your certificate chain is incomplete. Do you know if anything changed in this respect? This was working when that certificate was installed.
. and the server configuration is also broken beyond repair "ranked F" Perhaps not quite beyond repair, but yes, it's overdue to be moved off that server. We want to upgrade to 2.4 and get support for PFS, EC ciphers etc.
Per,
I tried the test from 13.1 FF and the certificate was there and worked.
Hi David thanks for testing - with the help of Brandon, Olav, Cristian et al, I have determined what is happening. In essence, I needed to add 'SSLCertificateChainFile' to the apache config pointing to the intermediate CA "SwissSign Server Silver CA 2008 G2". This was not clear at the time we set up this server as all the browsers used to test had already had been in touch with other sites using certificates issued by this CA. As Brandon suggested, for user-friendliness, Firefox caches/keeps any intermediate CAs offered by a server. This is nice for the user, but obstructs testing e.g. the need for adding SSLCertificateChainFile. /Per -- Per Jessen, Zürich (7.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org