diff options
Diffstat (limited to 'docs/manual/ssl/ssl_faq.html.en')
| -rw-r--r-- | docs/manual/ssl/ssl_faq.html.en | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/docs/manual/ssl/ssl_faq.html.en b/docs/manual/ssl/ssl_faq.html.en index b9e9e530..047eaa18 100644 --- a/docs/manual/ssl/ssl_faq.html.en +++ b/docs/manual/ssl/ssl_faq.html.en @@ -276,7 +276,7 @@ Verisign, for installing my Verisign certificate?</a></li> <li><a href="#sgc">Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global ID) with mod_ssl?</a></li> <li><a href="#gid">Why do browsers complain that they cannot -verify my Verisign Global ID server certificate?</a></li> +verify my server certificate?</a></li> </ul> <h3><a name="keyscerts" id="keyscerts">What are RSA Private Keys, CSRs and Certificates?</a></h3> @@ -628,15 +628,23 @@ facility (aka Verisign Global ID) with mod_ssl?</a></h3> <h3><a name="gid" id="gid">Why do browsers complain that they cannot -verify my Verisign Global ID server certificate?</a></h3> -<p>Verisign uses an intermediate CA certificate between the root CA - certificate (which is installed in the browsers) and the server - certificate (which you installed on the server). You should have - received this additional CA certificate from Verisign. - If not, complain to them. Then, configure this certificate with the - <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatechainfile">SSLCertificateChainFile</a></code> - directive. This ensures that the intermediate CA certificate is - sent to the browser, filling the gap in the certificate chain.</p> +verify my server certificate?</a></h3> + <p>One reason this might happen is because your server certificate is signed + by an intermediate CA. Various CAs, such as Verisign or Thawte, have started + signing certificates not with their root certificate but with intermediate + certificates.</p> + + <p>Intermediate CA certificates lie between the root CA certificate (which is + installed in the browsers) and the server certificate (which you installed + on the server). In order for the browser to be able to traverse and verify + the trust chain from the server certificate to the root certificate it + needs need to be given the intermediate certificates. The CAs should + be able to provide you such intermediate certificate packages that can be + installed on the server.</p> + + <p>You need to include those intermediate certificates with the + <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatechainfile">SSLCertificateChainFile</a></code> + directive.</p> </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> @@ -1046,6 +1054,6 @@ the reason for my core dump?</a></h3> <div class="bottomlang"> <p><span>Available Languages: </span><a href="../en/ssl/ssl_faq.html" title="English"> en </a></p> </div><div id="footer"> -<p class="apache">Copyright 2011 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div> </body></html>
\ No newline at end of file |