Eddy Nigg (StartCom Ltd.) wrote, On 2008-06-12 04:16: > Nelson B Bolyard: >> Eddy Nigg (StartCom Ltd.) wrote: >> >>> Just want to ask before opening a new bug: Upon visiting a newly >>> generated server certificate, the OCSP server wasn't ready and/or the >>> certificate chain wasn't complete. Ever since, I can't access this site >>> and receive sec_error_untrusted_cert. Even when using a different sub >>> domain (it's a wild card cert) but the same server cert, the error >>> remains. RC2 didn't solved that problem for me. When using a different >>> profile, everything runs clear. Did anybody else see such a behavior? Is >>> there a way to get out of it?
>> Given that a different profile doesn't experience it, I think the problem >> is that you have some trust flags that need editing on some cert(s) in the >> troubled profile. > > Which file would that be most likely? Somehow this error got stuck and I > can't access the site even though the certificate is valid. All trust flags are kept in the cert DB file, along with the certs to which they are attached. If you have the certutil utility, it would be interesting to see the output of certutil -L for the cert(s) in question. Just be careful not to use it at the same time as your browser or email client are using the DBs. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
