On 11/30/2014 11:34 AM, Lee wrote: > On 11/18/14, NoOp <[email protected]> wrote: >> On 11/18/2014 06:34 AM, Jim wrote: >>> NoOp wrote: >>>> On 11/15/2014 02:01 PM, Jim wrote: > <.. snip bit about 20 char passwords ..> >>>> >>>> >>> The sites are -- logging into the tricare portal through tricareonline, >>> and DoD Self-Service logon (https://www.dmdc.osd.mil/dsaccess/). These >>> two sites work together. When you're password expires, it sends you the >>> the second site to change your password. >>> > <.. snip ..> >> Yeah, I'm familiar with that site... Remember what I mentioned about certs? >> ==== >> www.dmdc.osd.mil uses an invalid security certificate. >> >> The certificate is not trusted because the issuer certificate is unknown. >> >> (Error code: sec_error_unknown_issuer) >> ==== >> >> >> You need to make security exceptions for nearly all. > > I'd guess not if you import the DOD CA-27 cert into the SeaMonkey > certificate store. > > Look at the cert returned for www.dmdc.osd.mil & you'll see > CA Issuers: URI: http://crl.disa.mil/sign/DODCA_27.cer > > grab the DODCA_27.cer cert, import it into the SM cert manager / > authorities store, close SM, open and go to https://www.dmdc.osd.mil > > hopefully no more cert warnings :) > > Best Regards, > Lee >
Please send to the list instead of my email address directly - I use the news.mozilla.org news server & gmane so I do not need an additional email - thanks. The DODCA_27.cer cert creates more problems & doesn't work by itself. In order to try to resolve the issue I deleted the DODCA_27.cer that I imported and instead added: <http://dodpki.c3pki.chamb.disa.mil/rootca.html> Those auto-magically pull in the proper DOD CA_27 etc. I had done this in the past & had forgotten to reinstall the DoD Class 3 PKI's. Never-the-less, it's a shame that Vets, AD, and RET have to jump through hoops in order to deal with VA and DOD certs. At least "https://myaccess.dmdc.osd.mil"; uses Verisign so I use that for my DS logon. _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
