On Thursday 03 Apr 2014 22:38:05 Mick wrote: > If you examine the X509 structure, you will see a field like this: > > X509v3 Basic Constraints: > CA:TRUE > > If it were an intermediate certificate it would say: > > X509v3 Basic Constraints: > CA:FALSE > > This is what your browser is warning you about.
It was actually a warning in /var/log/apache2/ssl_error_log. --->8 > In any case, unless you obtain a certificate which has been signed by a CA > that is included in the default browser root CA certificates, random > visitors are bound to get a browser warning about the CA that issued the > certificate not being recognised as a trusted root CA by the browser. > > If they are instructed by you to accept said certificate as a trusted root > CA in their browser, then the problem will go away as long as they are > using the same browser on each visit. That's the sort of thing I was concerned about. Now, after following Alan's advice, I get a warning from my browser (Firefox or Opera) that the certificate is self-signed, but for my own purposes I can live with that. -- Regards Peter
