On 30.3.11 14:56, Ridley wrote: > In think this might be inlne with what Eddy is saying about > intermediates, and explain further why when using intermediates it > does not work as expected.
I guess that he root cause of your problems is again the one described in https://bugzilla.mozilla.org/show_bug.cgi?id=321156#c1 The OP didn't say from which CAs he got his code signing certs, but it if the root has the code signing trust bit ("This certificate can identify software makers") set, then it's simply again bug 321156 which is biting him. In the case of (recent) code signing certs from Verisign and/or Thawte, the situation is further complicated by the fact that their new roots are not enabled for code signing, currently: https://bugzilla.mozilla.org/show_bug.cgi?id=601950 https://bugzilla.mozilla.org/show_bug.cgi?id=602107 Verisign-Thawte-Geotrust-now-Symantec has created additional intermediate certs, however, and these can be used to work around that limitation (contact their support for assistance, if you bought one from them). Kaspar -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
