Paul wrote: >> But how to tell your customers that you do not support all certs of >> the MS Root Certificate Program?? > > That's unexplanable to a user :-( > If possible, you could add the trouble CA's yourself and import all > others. I only had troubles with Verisign.
Some news: These VeriSign certificates with the same name use the same public key, I didn't notice this. So it is ok to keep only one of them, (preferable the one that expires later) that won't break anything and prevents the openssl bug from triggering. Generally ensure that there are no name duplicates in the store, often when a CA certificate has expired a renewed certificate (same public key) is issued and installed with the automatic windows update wheras the expired one is not deleted. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be