Re: [Fed-Talk] "invalid issuer" on a certificate despite valid issuer certificate
Re: [Fed-Talk] "invalid issuer" on a certificate despite valid issuer certificate
- Subject: Re: [Fed-Talk] "invalid issuer" on a certificate despite valid issuer certificate
- From: David Mueller <email@hidden>
- Date: Fri, 25 Oct 2013 10:34:26 -0700
Glitchy certificate behavior I've observed is sometimes related to OCSP/CRL checking. The configuration setting is in Keychain Access. You can temporarily disable it to see if it makes a difference.
I also once ran into a situation where a certificate was showing as revoked in the CRL, but was still being presented by the web server. A short time later, the web server started presenting a new, valid certificate.
- David
On Oct 25, 2013, at 10:25 AM, Noam Bernstein wrote:
> Things are getting even weirder. One certificate that showed the behavior I described before was NKO.
>
> I manually got the www.nko.navy.mil certificate with "openssl s_client -showcerts", imported it into the login keychain, and it showed up as valid (despite earlier showing up as invalid in Safari and Chrome). I then deleted it from the login keychain, and now Safari and Chrome both still say it's valid.
>
> Noam
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden