Paul wrote:
>> But how to tell your customers that you do not support all certs of
>> the MS Root Certificate Program??
> That's unexplanable to a user :-(
> If possible, you could add the trouble CA's yourself and import all
> others. I only had troubles with Verisign.

Some news:
These VeriSign certificates with the same name use the same public key,
I didn't notice this. So it is ok to keep only one of them, 
(preferable the one that expires later) that won't break anything and
prevents the openssl bug from triggering. Generally ensure that there 
are no name duplicates in the store, often when a CA certificate has 
expired a renewed certificate (same public key) is issued and installed
with the automatic windows update wheras the expired one is not deleted.  

Arno Garrels
To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to