Educause Security Discussion mailing list archives
Re: Thawte root change to 2048 bit cert and intermediate CA
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Thu, 27 May 2010 15:48:59 +1200
On 26/05/2010, at 9:30 AM, Jason Testart wrote:
There shouldn't be any changes needed on the browser (assuming the correct root CA is trusted). You will need to change how you do things on the server. We had some pains educating our server admins to include the intermediate cert along with the server cert at certificate install time.
You need to be particularly careful with windows servers as intermediate certs need to be installed in a different place to the server certs. If you use the automated tools (double click on the cert ?) the windows normally does 'the right thing' but not always. We have also had very experienced admins who have manually added intermediate certs to the wrong store. We use Certs from AusCERT that rely on Comodo's "Add trust" certs. These certs are in most modern system so even if the admins don't install them on the server *most* things work, which is really confusing. Older Macs ( < 10.5 ?) are one conspicuous group that fail. Russell
Current thread:
- Thawte root change to 2048 bit cert and intermediate CA Flynn, Gary (May 25)
- <Possible follow-ups>
- Re: Thawte root change to 2048 bit cert and intermediate CA Jason Testart (May 25)
- Re: Thawte root change to 2048 bit cert and intermediate CA David A. Greenberg (May 26)
- Re: Thawte root change to 2048 bit cert and intermediate CA Russell Fulton (May 26)