Solved

Firefox browser unable to verify GeoTrust SSL CA

Posted on 2010-08-24
12
3,919 Views
Last Modified: 2012-05-10
For some reason, some of our client machines using Firefox browsers are not able to access an internal website that was certed with GeoTrust SSL CA. Some do work and some don't - they request an exception be made. The error says - "Could not verify for unknown reasons"
0
Comment
Question by:oitundu1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
12 Comments
 
LVL 65

Expert Comment

by:rockiroads
ID: 33513143
what version firefox you using? this could be something not applicable but maybe a firefox upgrade? Im assuming its fine in other browers like ie
0
 
LVL 65

Expert Comment

by:rockiroads
ID: 33513182
Oh another thing, I dont know if you can reinstall root certificates eg http://www.geotrust.com/resources/root-certificates/
0
 

Author Comment

by:oitundu1
ID: 33513685
Thanks Rock,

Using Firefox ver. 3.6.8, I assume it's the latest greatest, I tried update option & it says there's nothing else out there that's newer. Yes, it is fine in other browsers, ie, chrome, safari

Tried re-installing root certs, no change.

0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
LVL 65

Expert Comment

by:rockiroads
ID: 33513879
that seems to be the latest. I found this FAQ https://www.secure128.com/faq.aspx?href=#qh and it mentions how to install ceritifcate on a webserver. Since its an internal website, did you check that for certificates?
also this if it helps https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO15065
0
 

Author Comment

by:oitundu1
ID: 33513994
Yes, the Geo Trust certificate was ordered in house and installed by our system engineer. It's a Windows 2003 32bit server. Verified the installation with our System engineer against the link(s) you sent. All looks good.
0
 

Author Comment

by:oitundu1
ID: 33514280
Also uninstalled/re-installed FF & removed directory from Program Files. Again no change.
0
 
LVL 65

Accepted Solution

by:
rockiroads earned 500 total points
ID: 33514366
I was checking the knowledgebase on geotrust https://knowledge.geotrust.com/support/knowledge-base/index?page=answers&startover=y&ichbox[]=en_US&question_box=unable+to+verify but didnt find much. it talks about obtaining an intermediate ca.

if u get no joy here, maybe contact their online support to see what they say
https://www.geotrust.com/about/contact/support-form/
0
 

Author Comment

by:oitundu1
ID: 33514855
Thx. I'll look into this
0
 

Author Comment

by:oitundu1
ID: 33515555
Thanks, the intermediate cert (or lack thereof) was the problem.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 33516217
GeoTrust was slated to do an upgrade on July 22, 2010 (not sure yet if that's the date it actually happened on) - any certs issued after that point now have the new GeoTrust SSL CA intermediate certificate as part of their root certficate chain.  This was not the case before, so if you were an existing customer and are wondering what the deal is with the new cert - that's it.  You need to install the intermediate cert on your webserver so the client can pull it for validation - the client will only know about the GeoTrust Global CA root, which is all that it had to verify before.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 33516223
They should have emailed you the full certificate chain or linked to it when you received your new cert.  Otherwise you can check the repository as suggested above
0
 

Author Closing Comment

by:oitundu1
ID: 33558150
Hit the nail right on the head - aling with the appropriate backup documentation
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question