1

We have strange problem where IE7 shows no signs of error, but Firefox and Linux tools do. For example, a wget test one might use in monitoring SSL availability for systems (Public DNS and IP addresses anonymized):

wget https://subdomain.website.edu
--2009-09-02 14:11:06--  https://subdomain.website.edu/
Resolving subdomain.website.edu... 192.168.227.87
Connecting to subdomain.website.edu|192.168.227.87|:443... connected.
ERROR: cannot verify subdomain.website.edu's certificate, issued by `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA':
  Unable to locally verify the issuer's authority.
To connect to subdomain.website.edu insecurely, use `--no-check-certificate'.
Unable to establish SSL connection

"Unable to locally verify the issuer's authority," it says. Is there something wrong with the cert, or something wrong with the local systems verifying the cert?

jldugger
  • 14,342
  • 20
  • 77
  • 129

1 Answers1

2

Your certificate is probably signed by a certificate that is directly trusted by your browser. Your web server is not providing the intermediate certificates between a certificate your system trusts and the certificate for the site.

If your web server is apache you probably need to use the SSLCertificateChainFile and the appropriate certificate bundle from your Verisign so your web server can provide all the certificates needed to build up the chain of certificates.

Zoredache
  • 130,897
  • 41
  • 276
  • 420