[RADIATOR] Certificate Not Trusted - InCommon? [EXT]

Martin Burton mvb at sanger.ac.uk
Wed Jun 2 13:54:53 UTC 2021 

Hi Roberto,

That issuing certificate is an intermediate that is actually signed by:

Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority

So the USERTrust RSA Certification Authority certificate will be the one that most devices will actually know about by default.

You should send the InCommon RSA Server CA certificate as part of the chain along with your own server certificate.

Hope that helps.

Regards,

Martin.


> On 1 Jun 2021, at 16:35, Ullfig, Roberto Alfredo <rullfig at uic.edu> wrote:
> 
> This has always been an issue for us. Whenever a user connects for the first time they get "certificate not trusted". Is this because the certificate is issued by:
> 
>         Issuer: C=US, ST=MI, L=Ann Arbor, O=Internet2, OU=InCommon, CN=InCommon RSA Server CA
> 
> So, most (maybe all) devices do not install the InCommon CA? What's the best solution for this? Should users manually install the InCommon CA first before connecting?
> 
> ---
> Roberto Ullfig - rullfig at uic.edu <mailto:rullfig at uic.edu>
> Systems Administrator
> Enterprise Applications & Services | Technology Solutions
> University of Illinois - Chicago
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au <mailto:radiator at lists.open.com.au>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.open.com.au_mailman_listinfo_radiator&d=DwICAg&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=Pmm7Evpg3H5MI4_C7ltAOg&m=gpK8hUbtc7SYuPwiGksef-6z7s8D3bO5h8YLGiUCRXs&s=wsBerJ1VkDD_cN-nV1KQo2Lm8pvP6TxJ21eWRsaRSm4&e= <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.open.com.au_mailman_listinfo_radiator&d=DwICAg&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=Pmm7Evpg3H5MI4_C7ltAOg&m=gpK8hUbtc7SYuPwiGksef-6z7s8D3bO5h8YLGiUCRXs&s=wsBerJ1VkDD_cN-nV1KQo2Lm8pvP6TxJ21eWRsaRSm4&e=>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20210602/fb7e2341/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20210602/fb7e2341/attachment.sig>

More information about the radiator mailing list