On 09.04.2010 15:35, Ulrich Boche wrote:
> According to Firefox, the complete certificate chain is:
>
> service.lbb.de
>
> VeriSign Class 3 Secure Server CA - G2
>
> Builtin Object Token: Verisign Class 3 Public Primary Certification
> Authority - G2
>
> The certificate I listed is only the intermediate CA certificate, but
> the problem remains: the root CA certificate is missing in Thunderbird.

Not true - Thunderbird also includes "Verisign Class 3 Public Primary Certification Authority - G2" (no matter which version you look at).

The problem with service.lbb.de is the one which Eddy surmised: an incomplete chain. A special form of "incomplete", to be precise: it's sending the *wrong* intermediate CA.

Tell the people from LandesBank Berlin that they should configure service.lbb.de with the same chain as https:/www.lbb.de... or more specifically, tell them to use the cert from http://svrsecure-g2-aia.verisign.com/SVRSecureG2.cer as the intermediate CA (not the one with "CN=VeriSign Class 3 Secure Server CA", which service.lbb.de currently sends out).

Kaspar
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
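
The failure described in the message above (a server handing out an intermediate CA that is not the issuer of its own leaf certificate) can be reproduced with a throwaway PKI. This is an added example, not part of the mailing-list message; it assumes the `openssl` command-line tool, and every name, key and file in it is constructed for the demo (`-untrusted` stands in for the intermediate the server sends).

```shell
#!/bin/sh
# Constructed demo PKI: all names and keys are generated locally (placeholders,
# not the real VeriSign or lbb.de certificates). Requires the openssl CLI.
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$W/ca.ext"
printf 'basicConstraints=CA:FALSE\n' > "$W/leaf.ext"

# new_csr NAME CN: create NAME.key and NAME.csr
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$W/$1.key" \
    -out "$W/$1.csr" -subj "/CN=$2" 2>/dev/null
}

# sign NAME ISSUER EXTFILE: issue NAME.pem from NAME.csr, signed by ISSUER
sign() {
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$2.pem" -CAkey "$W/$2.key" \
    -CAcreateserial -days 2 -extfile "$3" -out "$W/$1.pem" 2>/dev/null
}

# chain_ok INTERMEDIATE: succeed only if leaf -> INTERMEDIATE -> root builds.
# The intermediate is passed as -untrusted, i.e. as something the peer sent.
chain_ok() {
  openssl verify -CAfile "$W/root.pem" -untrusted "$W/$1.pem" "$W/leaf.pem" \
    2>/dev/null | grep -q ': OK$'
}

issuer_of()  { openssl x509 -in "$W/$1.pem" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }
subject_of() { openssl x509 -in "$W/$1.pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }

new_csr root "Demo Root CA"
openssl x509 -req -in "$W/root.csr" -signkey "$W/root.key" -days 2 \
  -extfile "$W/ca.ext" -out "$W/root.pem" 2>/dev/null
new_csr g2   "Demo Secure Server CA - G2"; sign g2   root "$W/ca.ext"   # real issuer
new_csr old  "Demo Secure Server CA";      sign old  root "$W/ca.ext"   # wrong one
new_csr leaf "service.example.test";       sign leaf g2   "$W/leaf.ext"

for ca in old g2; do
  if chain_ok "$ca"; then r="chain builds"; else r="chain incomplete"; fi
  echo "server sends '$(subject_of "$ca")': $r (leaf issuer: '$(issuer_of leaf)')"
done
```

Both intermediates chain to the trusted root, yet only the one whose subject equals the leaf's issuer lets a client that has nothing cached build the path.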