Topic: EV SSL cert slight problem

[jameswilson]

Hi all
I have a sme 7.5.1 running very well indeed (always has) a couple of months ago i the ssl cert ran out and we purchased an ev ssl cert.
Following the existing guides I got it to work. But for some reason there are 3 parts to the ssl cert.
I used to 2 parts i recognised (its a globalsign cert) and it works fine. Or so i thought.

If you visit https globalsign then the cert on my site works correctly. If i dont then the browser reports an untrusted cert until you visit globalsign https.
I assume the 3rd cert is a rotot cert that is required? But i dont know how to add this to the system. They call it if i recall a cross cert.

Any suggestions please?

James

[jameswilson]

any ideas?

[janet]

jameswilson

Guessing that the globalsign root certificate needs to be updated in the web browser, so the browser accepts your site certificate.
Perhaps just try updating the web browser.

Other than that you should really ask globalsign

Look here
http://www.globalsign.com/ssl-information-center/certificate-authority-root.html
for the clients supported.

When using the EV cert, only recent releases of browsers & email clients are supported.
Extended Validation Browsers
• Microsoft Internet Explorer 7+ (Vista)
• Microsoft Internet Explorer 7+ ( XP)*
• Opera 9.5+
• Firefox 3+
• Google Chrome 0.3.154.9 +
• Apple Safari 3.2 +
• Apple iPhone 3.0 +

[jameswilson]

Thanks Mary.
If you test my webserver with https you will find that it shows an unverified cert. However once you visit globalsign https then the ev works fine on my site.

Now looking into the cert info they have sent me i have 3 parts to the cert

MUST BE INSTALLED ON YOUR WEB SERVER:
Your SSL Certificate (Formatted for the majority of web server
software including IIS and Apache based servers):

and

MUST BE INSTALLED ON YOUR WEB SERVER:
ExtendedSSL Intermediate Certificate:

and

MUST BE INSTALLED ON YOUR WEB SERVER:
Extended Validation Cross Certificate:

I have only installed the ssl cert which is what im assuming is the problem

Globalsign do give instructions for centos but as sme is 'different' i dont like following centos guides as the results can be unpredictable.

Im not 100% on ssl certs at the best of time but this has totally fixed me.
ANy suggestions.

James

[jameswilson]

http://nl.globalsign.com/en/support/ssl+certificates/redhat/red+hat+enterprise+linux/install+certificate/

I can see i need to install the intermediate cert, but i also have a cross certificate.
I have no idea what to put where and how.

[janet]

jameswilson

Perhaps you should tell us what your domain is, so we can take a look.

[jameswilson]

securitywarehouse.co.uk
thats one of the domains and the ssl one.

[Stefano]

I have no problem/message or other if I go to https:///www.securitywarehouse.co.uk/, it simply works for me

I'm using FF on ubuntu 10.04 and I see the green label "Security Warehouse LTD (GB)"

IMO it's an issue on your side

[jameswilson]

thats what i thought but what i think is if anyone has visited a correctly configured site with a globalsign ev cert then mine works as expected. But if someone hasnt then the cert fails. If you then visit globalsign https then it starts working. Can i clear out the certs etc on my local machine for testing?

[Stefano]

installed chrome and works flawlessy.. I never used chrome before

HTH

[janet]

jameswilson

If you test my webserver with https you will find that it shows an unverified cert. However once you visit globalsign https then the ev works fine on my site.

What web browsers and version are you using ?
What OS and version are you trying from ?

My understanding is that the certificate issuers root certificate information is included in the root certificate "store location" of your browser. If you use an older browser or an out of date browser, then by updating the browser to the latest version then you will also update the root certificate details, which includes knowledge of globalsign certificates & other certificate issuers who pay their fees to the browser developers.

[janet]

jameswilson

Can i clear out the certs etc on my local machine for testing?

Look  in your browser to "clear those out" although I don't see how removing root certificates will help.
Updating your root certificate(s) will probably help.
In FireFox see, Tools Options Advanced Encryption View Certificates