<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">Works fine on my Windows Vista 32-bit with up-to-date Firefox.<br> <br></div><div class="gmail_extra"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font size="2"><span style="font-family:verdana,sans-serif">Hartmut W Sager - Tel +1-204-339-8331, +1-204-515-1701<br></span></font><br></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On 12 June 2015 at 14:18, Wyatt Zacharias <span dir="ltr"><<a href="mailto:wyatt@magitech.ca" target="_blank">wyatt@magitech.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>So we recently upgraded our SSL certificate to SHA256 to meet Google's new security policies, </div><div>and now we're getting very isolated incidents where browsers do not trust the new certificate because</div><div>the don't trust the CA that issued them. It first started from on a couple of our internal workstations</div><div>but we now have a customer with the same issue. From what I can see, it looks like the browser is</div><div>not seeing the first certificate in the chain, which is the Verisign root certificate, and then it doesn't</div><div>trust the rest of the chain. </div><div><br></div><div>Here's what our correct chain looks like: </div><div><img src="cid:ii_14de930a338ff48d" alt="Inline image 1" width="406" height="138"><br></div><div><br></div><div>And here's what I see on the clients with the error:</div><div><img src="cid:ii_14de93134f3a0391" alt="Inline image 2" width="381" height="157"><br></div><div><br></div><div>Could it be an issue on the Apache end, or maybe an obscure issue with Internet explorer? </div><div>It's odd that I don't even see the first certificate in the chain marked as invalid, I just don't see</div><div>a certificate at all.</div><div><br></div><div>If anyone cares to give it try for themselves, <a href="https://www.mb.bluecross.ca" target="_blank">https://www.mb.bluecross.ca</a> let me know if you get</div><div>an error. </div><br clear="all"><div><div><div dir="ltr"><div>--</div>Wyatt Zacharias<div><br></div></div></div></div>
</div>
<br>_______________________________________________<br>
Roundtable mailing list<br>
<a href="mailto:Roundtable@muug.mb.ca">Roundtable@muug.mb.ca</a><br>
<a href="http://www.muug.mb.ca/mailman/listinfo/roundtable" rel="noreferrer" target="_blank">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br>
<br></blockquote></div><br></div></div>