Hi.

 

Two months ago, we installed our SSL certificate with stunnel succesfully. That certificate was issued by Verisign. We did not experience any issues.

 

A few weeks ago, we had to renew that certficate and after doing that, we started to get 'Invalid certificate' errors form our web site users. It seems that the new certificate issued by Verisign, has changed its hierarchy, and browsers like FF that do not have one of the necessary intermediate certificate registered fail.

 

This is the new hierarchy:

- VeriSign Class 3 Public Primary Certification Authority - G5

      - VeriSign Class 3 Secure Server CA - G3

           - www.b-kin.com

 

It is the 'VeriSign Class 3 Secure Server CA - G3' certificate the one that most FF browsers do not have registered, and so the browsers reject the request with an 'Invalid certificate' message.

 

To solve this issue, we are trying to incorporate the 'VeriSign Class 3 Secure Server CA - G3' certificate in the .pem file, where our www.b-kin.com certificate is installed. We have tried to include the Verisign certificate first and then the other one; and the other way round, first our certificate and then the Verisign one, but without success. The Verisign certificate has been directly taken from the Verisign web site.

 

The .pem file has following structure:

Bag Attributes heading section

.....

-----BEGIN RSA PRIVATE KEY-----

.....

-----END RSA PRIVATE KEY-----

Bag Attributes heading section

-----BEGIN CERTIFICATE----- /*We have alternated to put here the www.b-kin.com or the Verisign certificate*/

.....

-----END CERTIFICATE-----