
I recently swapped my site's SSL certificate over to a new Thawte 2048-bit cert.

Ubuntu/libcurl doesn't seem to be able to verify it. Web browsers and OSX are fine.

I had to manually update the cert bundle on the OS from here:

https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=AR1374

Any ideas why Ubuntu doesn't have these?

Thank you

Mark

markba

1 Answer


Instead of explicitly trusting the intermediate certificates, you should have your web server send the full certificate chain so that a client's trust of the root (not the intermediate) will allow them to validate.

Importing the intermediate manually may fix it on your system, but other people using that OS or others that don't have the intermediate (often phones are problematic) will still have problems.

What web server software are you using?

Shane Madden
  • Ahh, your fingers are faster than mine. Have a +1 instead, because I **completely** agree. – MadHatter Dec 06 '12 at 16:21
  • It's an F5 BigIP – markba Dec 06 '12 at 16:26
  • @markba They have a document on how to set it up to send the full chain, looks like you basically just need to import the chain and configure it for use - see [here](http://support.f5.com/kb/en-us/solutions/public/6000/400/sol6401.html). – Shane Madden Dec 06 '12 at 16:34
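
The behaviour the answer describes, as an added example that is not part of the original thread: a client that trusts only the root cannot verify a leaf signed by an intermediate unless the server supplies that intermediate. The script builds a constructed throwaway chain with `openssl` (the `demo-*.example.test` names and the function names `make_chain` and `verify_chain` are assumptions) and verifies the leaf both ways.

```bash
#!/usr/bin/env bash
# Constructed lab: throwaway root -> intermediate -> leaf chain (hypothetical names).

make_chain() {  # $1 = empty working directory
  local d=$1 n
  # Both CA certificates need CA:TRUE or verification rejects them as issuers.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$d/ca.ext"
  for n in root int leaf; do  # one 2048-bit RSA key and CSR per certificate
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n.example.test" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Root: self-signed, the only certificate the client trusts.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate: signed by the root.
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
  # Leaf (the site certificate): signed by the intermediate, not by the root.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null || return 1
}

# $1 = trusted roots, $2 = leaf, $3 = intermediates sent by the server (optional).
# -untrusted certificates only help build the path; trust still ends at a root in $1.
verify_chain() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 | grep -q ': OK$'
  else
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
  fi
}

work=$(mktemp -d) || exit 1
make_chain "$work" || { echo "openssl setup failed" >&2; exit 1; }
if verify_chain "$work/root.pem" "$work/leaf.pem"; then
  echo "server sends leaf only: verified"
else
  echo "server sends leaf only: FAILED, issuer unknown to the client"
fi
if verify_chain "$work/root.pem" "$work/leaf.pem" "$work/int.pem"; then
  echo "server sends leaf + intermediate: verified"
else
  echo "server sends leaf + intermediate: FAILED"
fi
rm -rf "$work"
```

Against a live server, `openssl s_client -connect host:443 -showcerts` (with `host` replaced by the server name) prints the certificates the server actually sends, which should include the intermediate.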