<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi Roberto,<div class=""><br class=""></div><div class="">That issuing certificate is an intermediate that is actually signed by:</div><div class=""><br class=""></div><div class="">Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority</div><div class=""><br class=""></div><div class="">So the USERTrust RSA Certification Authority certificate will be the one that most devices will actually know about by default.</div><div class=""><br class=""></div><div class="">You should send the InCommon RSA Server CA certificate as part of the chain along with your own server certificate.</div><div class=""><br class=""></div><div class="">Hope that helps.</div><div class=""><br class=""></div><div class="">Regards,</div><div class=""><br class=""></div><div class="">Martin.</div><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 1 Jun 2021, at 16:35, Ullfig, Roberto Alfredo <<a href="mailto:rullfig@uic.edu" class="">rullfig@uic.edu</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">This has always been an issue for us. Whenever a user connects for the first time they get "certificate not trusted". Is this because the certificate is issued by:</div><div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class=""><br class=""></div><div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class=""> Issuer: C=US, ST=MI, L=Ann Arbor, O=Internet2, OU=InCommon, CN=InCommon RSA Server CA<br class=""></div><div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class=""><br class=""></div><div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">So, most (maybe all) devices do not install the InCommon CA? What's the best solution for this? Should users manually install the InCommon CA first before connecting?</div><div style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class=""><br class=""></div><div id="Signature" class=""><div class=""><div class=""></div><div id="divtagdefaultwrapper" style="font-size: 12pt; background-color: rgb(255, 255, 255); font-family: Calibri, Arial, Helvetica, sans-serif;" class=""><div style="font-family: Tahoma; font-size: 13px;" class="">---<div class=""><span id="ms-rterangepaste-start" class=""></span><span style="font-family: arial, helvetica, sans-serif; font-size: 13px; line-height: 16.003px;" class="">Roberto Ullfig -<span class="Apple-converted-space"> </span><a href="mailto:rullfig@uic.edu" class="">rullfig@uic.edu</a></span><br style="font-family: arial, helvetica, sans-serif; font-size: 13px; line-height: 16.003px;" class=""><span style="font-family: arial, helvetica, sans-serif; font-size: 13px; line-height: 16.003px;" class="">Systems Administrator</span><br style="font-family: arial, helvetica, sans-serif; font-size: 13px; line-height: 16.003px;" class=""><span style="font-family: arial, helvetica, sans-serif; font-size: 13px; line-height: 16.003px;" class="">Enterprise Applications & Services | Technology Solutions</span><br style="font-family: arial, helvetica, sans-serif; font-size: 13px; line-height: 16.003px;" class=""><span style="font-family: arial, helvetica, sans-serif; font-size: 13px; line-height: 16.003px;" class="">University of Illinois - Chicago</span><div class=""><span id="ms-rterangepaste-end" class=""></span></div></div></div></div></div></div></div><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">_______________________________________________</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">radiator mailing list</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><a href="mailto:radiator@lists.open.com.au" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class="">radiator@lists.open.com.au</a><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.open.com.au_mailman_listinfo_radiator&d=DwICAg&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=Pmm7Evpg3H5MI4_C7ltAOg&m=gpK8hUbtc7SYuPwiGksef-6z7s8D3bO5h8YLGiUCRXs&s=wsBerJ1VkDD_cN-nV1KQo2Lm8pvP6TxJ21eWRsaRSm4&e=" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class="">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.open.com.au_mailman_listinfo_radiator&d=DwICAg&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=Pmm7Evpg3H5MI4_C7ltAOg&m=gpK8hUbtc7SYuPwiGksef-6z7s8D3bO5h8YLGiUCRXs&s=wsBerJ1VkDD_cN-nV1KQo2Lm8pvP6TxJ21eWRsaRSm4&e=</a><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class=""></span></div></blockquote></div><br class=""></div></body></html>