Test Web Server Certificate

To see how this inclusion page fits in with similar ones, perhaps see one of

Testing a Recently Changed Web Server Certificate

IncludeCertTestWWW
It is easy to check what certificate is being presented using the FireFox browser.

However, you should verify that the OrganizationSSL Intermediate Root Certificate has been installed correctly. FireFox will show you the chain of certificates, but a problem is it might have remembered the intermediate certificate from another University of Waterloo site.

You can ensure FireFox gets the certificate from your web server by creating a new, empty profile using

    arpepper@cscfpc20:~$ firefox -no-remote -ProfileManager

Choose "Create Profile" and then complete the one-step wizard to create a new empty profile (you just need to choose a name), and then click on that profile to start a session using it. And then immediately browse to an https page on the server whose certificate you have just updated. There should be no negative diagnostics, although the default warning about an encrypted page should occur.

With version of FireFox available as I write this page, choose

[Tools] => [Page Info]

[Security] => [View Certificate]

The Expiry Date is visible (although the date format is obscure).

[Details]

should show you the Intermediate Certificate as GlobalSign Organization Validation CA - G2; you should be able to confirm the validity dates. (Although it's a little painful). (Older certificates will have been using simply GlobalSign Organization Validation CA).

Although this facility should remain available in future FireFox, details of the interface will probably change.

For tidiness, you probably want to immediately delete your new profile using the dialog generated by:

    arpepper@cscfpc20:~$ firefox -no-remote -ProfileManager
and then selecting it for [Delete]. (You will want a brand new profile for any future tests; this one will have become "contaminated").

If the certificate chain was not set up correctly, you will probably have difficulty even navigating to the page in question--You will get errors complaining about an untrusted certificate authority.

-- AdrianPepper - 01 Jun 2012

There is a website that verifies certificates: http://www.digicert.com/help/ It seems to go beyond what even FireFox wants - if the certificate chain is out of order it will display the links in red, even though all the appropriate certificates are present.

-- IsaacMorland


IncludeAdrianReferers

Referers

This topic IncludeCertTestWWW is referred to by...
Topic revision: r7 - 2013-02-07 - DrewPilcher
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback