nanog mailing list archives
Re: FIXED - Re: Broken SSL cert caused by router?
From: Tom Taylor <tom.taylor.stds () gmail com>
Date: Mon, 30 Mar 2015 13:41:50 -0400
On 29/03/2015 11:56 PM, John Levine wrote:
SSLCertificateChainFile /etc/ssl/certs/gd_bundle-g2-g1.crt
I have actually fixed it.
Yeah, that's always it. Back in the good aulde days all of the SSL certs one might buy were signed directly by the CA, but now more often than not there are intermediate certs, and a valid cert needs to be accompanied by all of the intermediate certs between it and the CA.
What makes debugging hard is that browsers try to be helpful. If a server doesn't provide the intermediate certs, but the browser happens to have them in its cache from some other site, well, close enough and the SSL works. But if some other browser doesn't happen to have them, you lose.
So if your SSL is flaky, check those intermediate certs first.
R's, John
With all this resolved, I'll note that I just reviewed draft-ietf-tls-sslv3-diediedie, which is in IETF Last Call prior to publication as an RFC. It deprecates the use of any version of SSL in favour of TLS 1.2 in the clientHello negotiations.
Tom Taylor
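An offline reproduction of the missing-intermediate failure described in the quoted message, added here as an example and not part of the original thread: it builds a constructed root, intermediate and leaf with `openssl`, then validates the leaf the way a client with no cached intermediates would. The function names `issue`, `build_lab_pki`, `verify_leaf` and all certificate subjects are made up for the example.

```shell
#!/bin/sh
# Constructed lab PKI (all names made up): root CA -> intermediate CA -> leaf.

# issue NAME CN SIGNER [EXTFILE]: new key + CSR for NAME, signed by SIGNER
# (self-signed when SIGNER equals NAME).
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1 || return 1
  if [ "$3" = "$1" ]; then sign="-signkey $1.key"
  else sign="-CA $3.crt -CAkey $3.key -CAcreateserial"; fi
  # $sign is split into words on purpose
  openssl x509 -req -in "$1.csr" $sign -days 2 ${4:+-extfile "$4"} \
    -out "$1.crt" >/dev/null 2>&1
}

# build_lab_pki: create the three certificates in a temp dir, print its path.
build_lab_pki() {
  d=$(mktemp -d) || return 1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' \
    > "$d/ca.ext"
  ( cd "$d" && issue root "Lab Root CA" root ca.ext &&
    issue int "Lab Intermediate CA" root ca.ext &&
    issue leaf "www.example.test" int ) || return 1
  echo "$d"
}

# verify_leaf DIR [SENT_INTERMEDIATES]: validate as a client that trusts only
# the root and has nothing cached; the optional file is what the server sends
# alongside the leaf (the role of SSLCertificateChainFile).
verify_leaf() {
  openssl verify -CAfile "$1/root.crt" ${2:+-untrusted "$2"} "$1/leaf.crt" \
    2>/dev/null | grep -q ': OK$'
}

main() {
  dir=$(build_lab_pki) || { echo "openssl failed" >&2; return 1; }
  if verify_leaf "$dir"; then echo "leaf only: OK"
  else echo "leaf only: FAIL (issuer not found)"; fi
  if verify_leaf "$dir" "$dir/int.crt"; then echo "leaf + intermediate: OK"
  else echo "leaf + intermediate: FAIL"; fi
  rm -rf "$dir"
}
main
```

Against a live server, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends, which is the set to compare against this result.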