Wildcard SSL -- help needed please to point the finger
[URL="https://post-office.clara.net/"]https://post-office.clara.net/[/URL].
ClaraNET has bought a shiny new wildcard SSL cert, and it doesn't work. OmniWeb-5.8 Revision: 104805 is running a warning sheet "unknown certificate authority"; this is incorrect since Globalsign is a trusted CA, but the main problem is that the Common Name in the cert is *.clara.net . OmniWeb doesn't like it; Firefox 2 doesn't like it; Safari 3.1.2 doesn't like it; MSIE 5.23/Carbon doesn't like it. MSIE7 might work I suppose -- I haven't tried. So what's up with the cert? Is this a correctly issued'n'configured wildcard SSL cert and all these Mac browsers don't like it because they're using OS-supplied crypto libraries that don't deal with wildcard SSL, or have ClaraNET and/or Globalsign fouled up, or is wildcard SSL just a thoroughly bad idea, ideally not to be touched with a 20ft pole? |
You need to install it to OS X using keychain utility. OS X native apps ask the OS itself for certificates. I am not sure about firefox but can speak for icab/omniweb/safari. IE for Mac while being old and insecure asks same location and even installs own certs.
I'd recommend launching keychain access and reading its help. As SSL certs are critical; I can`t post step by step instructions. It is easy though. Ask Clara guys if you need. They must have instructions or ready made knowledge base. |
The problem has gone away by itself. I'm guessing that when the new cert was installed on the server, the mod_ssl Apache directive SSLCertificateChainFile should have been updated, and initially wasn't, which is why clients such as OmniWeb were emitting "unknown certificate authority"-type warning messages; so the problem wasn't with OmniWeb.
|
All times are GMT -8. The time now is 12:49 PM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.