Hi guys,
can me somebody explain how to import Verisign certificate (SSL Certificates with Extended Validation)?
I done this many times, but today I have problem with it. This is first time, that I import SSL certificate with "extended validation", but I think technique is the same. I'm right?
ok, step by step:
1. I sent CSR to verisign
2. I got certificate for my domain in x509 format. I don't know what the format of the file was, but all certificates (all cert.chain) was in one part:
-----BEGIN CERTIFICATE-----
asdadas all 4 certificates <cut>
-----END CERTIFICATE-----
I have import this file to browser and export as 'chain'. I got one x509 format file, with 4 certificates:
-----BEGIN CERTIFICATE-----
my service <cut>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CA EV certificate <cut>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CA certificate <cut>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ROOT-CA certificate <cut>
-----END CERTIFICATE-----
3. CSS SSL configuration is ok. I done this many times. Certificate and private key verification is ok. But client browser shows:
"my.domain.com uses an invalid security certificate. The certificate does not come from a trusted source. (Error code: sec_error_untrusted_cert)"
ok, maybe intermediate certificate is missing (well-known problem: http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a00801e8071.shtml)
by the way, this intermediate certificate (Secure Site Pro with EV Root bundle: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657) is included in the certificate.
I tried add it to the end of the certificate, but the same result.
Where is the problem? Thanks for help.
martin