 NoVA_CoxUserStand back from the cage -- The RF bitesPremium join:2004-07-06 Alexandria, VA 4 edits | New SSL Cert Problem Report New "No-Hierarchy" Cert |  GoDaddy Cert w/ Trust Hierarchy |
It appears DSLR has a new SSL cert used during secure sign-in. (It became effective less than two hours ago)
However, the cert doesn't appear to "trust-up" to any hierarchy ... so browser security alerts are produced.
I've attached images of the new cert's info ... along with a similar cert from GoDaddy which does trust-up so as to not produce any alerts. |
|
 justinAustralian join:1999-05-28 New York, NY kudos:7
1 edit | our rapidssl cert is due to expire tomorrow so I bought a godaddy one, and installed it. I don't get a warning in firefox.. and to be honest I'm not sure what the difference is that you highlight, although I'll go google it.
edit: my IE doesn't peep also. |
|
 NoVA_CoxUserStand back from the cage -- The RF bitesPremium join:2004-07-06 Alexandria, VA 1 edit |  Actual FFX Security Error |
Thanks.
Here's that actual FFX alert I'm receiving (those earlier screenshots were certificate properties) |
|
 justinAustralian join:1999-05-28 New York, NY kudos:7 | I don't get that on safari windows, firefox or ie.. |
|
 NoVA_CoxUserStand back from the cage -- The RF bitesPremium join:2004-07-06 Alexandria, VA 2 edits | Interesting ...
I'm going thru my own FFX security settings (and about:config) to see if I possibly have a more "sensitive" setting causing me to see this.
I'll keep you posted on what I find. |
|
 justinAustralian join:1999-05-28 New York, NY kudos:7 | you are trying this on »secure.dslreports.com right |
|
 NoVA_CoxUserStand back from the cage -- The RF bitesPremium join:2004-07-06 Alexandria, VA 2 edits | It is received right after submitting username and password from www.dslreports.com/login/?secure=1
(The URL you included returns a 403 Forbidden error)
BTW, I'm running FFX 2.0.0.4 |
|
 justinAustralian join:1999-05-28 New York, NY kudos:7 | yeah that posts to secure.dslreports.com
you get the same error on just visiting the https link above? |
|
 NoVA_CoxUserStand back from the cage -- The RF bitesPremium join:2004-07-06 Alexandria, VA 3 edits | said by justin: "... you get the same error on just visiting the https link above? ..."
Visiting that link directly simply returns a 403 "Forbidden" error
edit: Yes |
|
 justinAustralian join:1999-05-28 New York, NY kudos:7 | well the cert takes in that case, so it must just be a problem with posting. Perhaps someone else has the same issue as you do? |
|
 NoVA_CoxUserStand back from the cage -- The RF bitesPremium join:2004-07-06 Alexandria, VA 2 edits | Problem solved. 
It required me D/Ling, installing -- and trusting -- the GoDaddy Class 2 CA certificate on which your new SSL cert is based.
»certificates.godaddy.com/reposit···iate.crt |
|
 justinAustralian join:1999-05-28 New York, NY kudos:7 | I didn't have to do that. Any reason your install was missing the cert? |
|
 NoVA_CoxUserStand back from the cage -- The RF bitesPremium join:2004-07-06 Alexandria, VA 4 edits | said by justin: "... Any reason your install was missing the cert? ..."
I have no idea.
It did have the GoDaddy CA (which was used by the "error-free" cert properties image posted in my OP) ... and which "threw me" for a while ...
... but the GoDaddy Class 2 CA cert (used by DSLR) was missing; I can only assume from my original FFX installation. |
|
 nwrickertsand groperPremium,MVM join:2004-09-04 Geneva, IL kudos:7
| reply to justin I see the same error on both linux and XP (with firefox).
I think your apache server certificate file needs to contain two certificates - both your site certificate, and the GoDaddy certificate that signed it (i.e. it should have the full certificate chain). I think (not sure) that will resolve the problem without people having to download and install the additional GoDaddy cert. I'm not sure if the order of these certificates matters. -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4 |
|
 justinAustralian join:1999-05-28 New York, NY kudos:7 | how about now? |
|
 nwrickertsand groperPremium,MVM join:2004-09-04 Geneva, IL kudos:7 | Still bad.
I had to restart the browser to check. I had previously told it to accept for this session, so I needed to start a new session. -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4 |
|
 justinAustralian join:1999-05-28 New York, NY kudos:7
| Well I don't know, because now it shows the hierarchy for me.. |
|
 nwrickertsand groperPremium,MVM join:2004-09-04 Geneva, IL kudos:7
| Firefox has the top ("Go Daddy Class 2 CA"), but it does not see the "Go Daddy Secure Certification Authority" certificate.
I could solve the problem by installing that certificate, but that only solves it for me.
Incidentally, Opera and Konqueror are seeing the same problem. -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4 |
|
 justinAustralian join:1999-05-28 New York, NY kudos:7 | so you have the same problem at »certificates.godaddy.com? |
|
 nwrickertsand groperPremium,MVM join:2004-09-04 Geneva, IL kudos:7
| No problem at all at that site.
Interesting. After visiting that site, I am fine with the dslreports certificate. But if I restart firefox I again have problems. It seems that going to the godaddy site caches the missing intermediate certificate, and that makes it available for secure.dslreports.com until I shut down the browser. -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4 |
|
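The missing-intermediate failure discussed in this thread, reproduced offline as an added example (not part of any poster's message and not the site's actual configuration): a client that trusts only the root rejects the site certificate unless the intermediate reaches it some other way, such as the server sending it or the browser having cached it. It assumes the `openssl` command-line tool is installed; the certificate names and the helpers `make_chain` and `client_verify` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. All certificates are throwaway ones constructed here
# (constructed-root / constructed-int / constructed-leaf); nothing is fetched.
# make_chain and client_verify are hypothetical helper names.

make_chain() {   # $1 = empty working directory
  d=$1
  # Extensions that mark the root and the intermediate as CAs.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" >/dev/null 2>&1
  done
  # Self-signed root: the only certificate the client trusts.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" 2>/dev/null
  # Intermediate signed by the root; site certificate signed by the intermediate.
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
  # What a server presenting the full chain sends: site cert, then intermediate.
  cat "$d/leaf.pem" "$d/int.pem" > "$d/fullchain.pem"
}

client_verify() {   # $1 = directory, $2 = optional file of certs the server sent
  if [ -n "${2:-}" ]; then
    out=$(openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" 2>&1) || true
  else
    out=$(openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1) || true
  fi
  case $out in
    *": OK"*) echo trusted ;;
    *)        echo untrusted ;;
  esac
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_chain "$work"
echo "server sends site cert only:           $(client_verify "$work")"
echo "server sends site cert + intermediate: $(client_verify "$work" "$work/fullchain.pem")"
```

Against a live server, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends, which shows whether the intermediate is included.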