Test Web Server Certificate
To see how this inclusion page fits in with similar ones, perhaps see one of
Testing a Recently Changed Web Server Certificate
It is easy to check what certificate is being presented using
the
FireFox browser.
However, you should verify that the
OrganizationSSL Intermediate Root Certificate
has been installed correctly.
FireFox will show you the chain of certificates, but a problem
is it might have remembered the intermediate certificate from another
University of Waterloo site.
You can ensure
FireFox gets the certificate from your web server
by creating a new, empty profile using
arpepper@cscfpc20:~$ firefox -no-remote -ProfileManager
Choose "Create Profile" and then complete the one-step wizard
to create a new empty profile (you just need to choose a name),
and then click on that profile to start a session using it.
And then immediately browse to an https page on the server
whose certificate you have just updated.
There should be no negative diagnostics, although the default
warning about an encrypted page should occur.
With version of
FireFox available as I write this page, choose
[Tools] => [Page Info]
[Security] => [View Certificate]
The Expiry Date is visible (although the date format is obscure).
[Details]
should show you the Intermediate Certificate as
GlobalSign Organization Validation CA - G2; you should be able to
confirm the validity dates. (Although it's a little painful).
(Older certificates will have been using simply
GlobalSign Organization Validation CA).
Although this facility should remain available in future
FireFox, details of the interface will probably change.
For tidiness, you probably want to immediately delete your new
profile using the dialog generated by:
arpepper@cscfpc20:~$ firefox -no-remote -ProfileManager
and then selecting it for [Delete].
(You will want a brand new profile for any future tests; this
one will have become "contaminated").
| If the certificate chain was not set up correctly, you will probably have difficulty even navigating to the page in question--You will get errors complaining about an untrusted certificate authority. |
--
AdrianPepper - 01 Jun 2012
There is a website that verifies certificates:
http://www.digicert.com/help/
It seems to go beyond what even
FireFox wants - if the certificate chain is out of order it will display the links in red, even though all the appropriate certificates are present.
--
IsaacMorland
Referers
This topic IncludeCertTestWWW is referred to by...
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.