Ticket #1111 (closed defect: fixed)

Opened 9 years ago

Last modified 9 years ago

Change from CyberTrust Educational to new CA for CEDA and NERC HTTPS Services

Reported by: pjkersha Owned by: pjkersha
Priority: desirable Milestone: CMIP5 Security
Component: security Version:
Keywords: CA Cc:

Description

STFC and NERC issue certificates from the CyberTrust Educational CA. However, some browsers (versions of Firefox and IE) don't come with this CA bundled, and so the user gets warning messages about an untrusted CA.

Make enquiries with STFC and NERC to find out if it is possible to register the relevant domain names with a different CA.

Change History

comment:1 Changed 9 years ago by pjkersha

  • Status changed from new to closed
  • Resolution set to fixed

This turns out to be a bug in the web server configuration. The Apache SSL config needs the SSL certificate and any intermediate CA certificates required to verify back to the root CA. In this case then, the CyberTrust Educational CA cert needs to be included with the Apache SSLCertificateChainFile directive. Once in place, Firefox verification errors disappear. IE worked regardless because in the case where it can't find an intermediate CA certificate, it searches the web for it and downloads what it finds(!)
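The failure mode from comment:1, reproduced offline as an added example (not part of the original ticket): a client that trusts only the root cannot verify the server certificate unless the intermediate is supplied alongside it, which is what SSLCertificateChainFile makes Apache do. The CA and host names, file names and helper functions are constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```sh
#!/bin/sh
# Constructed demo: a throwaway root -> intermediate -> leaf chain (all names
# are made up). The client trusts only the root, as a browser would.

# issue DIR NAME CN ISSUER [EXTFILE]: make NAME.key and NAME.pem signed by
# ISSUER; ISSUER equal to NAME produces a self-signed certificate.
issue() {
    dir=$1 name=$2 cn=$3 issuer=$4 ext=${5:-}
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
    if [ "$issuer" = "$name" ]; then
        set -- -signkey "$dir/$name.key"
    else
        set -- -CA "$dir/$issuer.pem" -CAkey "$dir/$issuer.key" -CAcreateserial
    fi
    if [ -n "$ext" ]; then set -- "$@" -extfile "$ext"; fi
    openssl x509 -req -in "$dir/$name.csr" -days 1 "$@" \
        -out "$dir/$name.pem" 2>/dev/null
}

make_chain() {
    printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
    issue "$1" root "Demo Root CA" root "$1/ca.ext" &&
    issue "$1" int "Demo Intermediate CA" root "$1/ca.ext" &&
    issue "$1" leaf "www.example.test" int
}

# client_verifies DIR leaf-only|with-chain: status 0 if a path to root.pem can
# be built. "-untrusted" carries what the server sent besides its own
# certificate, i.e. the contents of the SSLCertificateChainFile.
client_verifies() {
    case $2 in
        leaf-only)  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" ;;
        with-chain) openssl verify -CAfile "$1/root.pem" \
                        -untrusted "$1/int.pem" "$1/leaf.pem" ;;
        *) return 2 ;;
    esac >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && make_chain "$d" || return 1
    for mode in leaf-only with-chain; do
        if client_verifies "$d" "$mode"; then echo "$mode: verified"
        else echo "$mode: verification failed"; fi
    done
    rm -rf "$d"
}
demo
```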
