Firefox browser unable to verify GeoTrust SSL CA

For some reason, some of our client machines using Firefox browsers are not able to access an internal website that was certed with GeoTrust SSL CA. Some do work and some don't - they request an exception be made. The error says - "Could not verify for unknown reasons"
oitundu1Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rockiroadsCommented:
what version firefox you using? this could be something not applicable but maybe a firefox upgrade? Im assuming its fine in other browers like ie
0
rockiroadsCommented:
Oh another thing, I dont know if you can reinstall root certificates eg http://www.geotrust.com/resources/root-certificates/
0
oitundu1Author Commented:
Thanks Rock,

Using Firefox ver. 3.6.8, I assume it's the latest greatest, I tried update option & it says there's nothing else out there that's newer. Yes, it is fine in other browsers, ie, chrome, safari

Tried re-installing root certs, no change.

0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

rockiroadsCommented:
that seems to be the latest. I found this FAQ https://www.secure128.com/faq.aspx?href=#qh and it mentions how to install ceritifcate on a webserver. Since its an internal website, did you check that for certificates?
also this if it helps https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO15065
0
oitundu1Author Commented:
Yes, the Geo Trust certificate was ordered in house and installed by our system engineer. It's a Windows 2003 32bit server. Verified the installation with our System engineer against the link(s) you sent. All looks good.
0
oitundu1Author Commented:
Also uninstalled/re-installed FF & removed directory from Program Files. Again no change.
0
rockiroadsCommented:
I was checking the knowledgebase on geotrust https://knowledge.geotrust.com/support/knowledge-base/index?page=answers&startover=y&ichbox[]=en_US&question_box=unable+to+verify but didnt find much. it talks about obtaining an intermediate ca.

if u get no joy here, maybe contact their online support to see what they say
https://www.geotrust.com/about/contact/support-form/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
oitundu1Author Commented:
Thx. I'll look into this
0
oitundu1Author Commented:
Thanks, the intermediate cert (or lack thereof) was the problem.
0
ParanormasticCryptographic EngineerCommented:
GeoTrust was slated to do an upgrade on July 22, 2010 (not sure yet if that's the date it actually happened on) - any certs issued after that point now have the new GeoTrust SSL CA intermediate certificate as part of their root certficate chain.  This was not the case before, so if you were an existing customer and are wondering what the deal is with the new cert - that's it.  You need to install the intermediate cert on your webserver so the client can pull it for validation - the client will only know about the GeoTrust Global CA root, which is all that it had to verify before.
0
ParanormasticCryptographic EngineerCommented:
They should have emailed you the full certificate chain or linked to it when you received your new cert.  Otherwise you can check the repository as suggested above
0
oitundu1Author Commented:
Hit the nail right on the head - aling with the appropriate backup documentation
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.