SSL certificate unrecognized by Camino

Discussion in 'Apple' started by Scott Lowe, Jun 29, 2004.

  1. Scott Lowe

    Scott Lowe Guest

    I run my own internal certificate authority, and have already gone
    through the procedures for updating the X509Anchors keychain to add my
    CA's certificate. Normally, this would allow certificates issued by my
    CA to be recognized by Mac OS X as valid. (As a side note, I'm running
    10.3.4.)

    However, Camino 0.8 is complaining, for one internal site, that the
    "server identity cannot be verified." Safari does not issue the same
    warning. I have verified, using OpenSSL, that the name on the
    certificate matches the FQDN I'm accessing, and I've verified again
    that the issuing CA's certificate is stored in the X509Anchors keychain.

    Is this a Camino problem, or a Mac OS X problem? If the problem lies
    with Camino, can anyone point me in the right direction to help
    troubleshoot this issue?

    Thanks in advance for your help.
     
    Scott Lowe, Jun 29, 2004
    #1
    1. Advertisements

  2. I would guess that it is a Camino issue, perhaps it doesn't use the keychain.
    I had a similar issues with Entourage in Office X. I have my own mailserver
    that has a certificate signed by a CA not recognized by Entourage and IE,
    I use smtp/pop3 over SSL. But with the recent MS Office upgrade, MS started
    using the X509Anchors keychain and I no-longer have the problem after installing
    the CA certificate into the X509Anchors. I don't use IE, so I don't worry
    about it.
     
    read_the_signature, Jun 30, 2004
    #2
    1. Advertisements

  3. Scott Lowe

    Scott Lowe Guest

    Thanks for the reply, John. To further complicate matters, this is a
    site hosted on Apache. I'm not an Apache expert, so I'm not completely
    sure if the source of the problem is Apache, Mac OS X, Camino, my
    internal root CA, or something else entirely.

    I guess I'll figure it out eventually. Thanks again for the response.
     
    Scott Lowe, Jun 30, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.