HTTPS and Root.pem...

Andre Garzia soapdog at mac.com
Sun Jun 5 17:08:04 EDT 2005


Mark,

Thank god you're here.

Yes, I have the Thawte Certs, all of them, none of them works. They all 
return the same:

  error -Error with certificate at depth: 1  issuer   = /C=ZA/ST=Western 
Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services 
Division/CN=Thawte Server CA/Email=server-certs at thawte.com  subject  = 
/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SSL Domain CA  err 
20:unable to get local issuer certificate

or they return

  error Error loading CA file and/or directory 
/Users/andregar/Desktop/thawte-roots/Thawte Code Signing CA.cer

which I think is okay since it's the wrong cert.

I even simplified my code to:

   answer file "where's it?"
   set the sslcertificates to it
   get the unicodetext of fld 1
   put simpleencode(it) into tOr
   get the cOrderRequestTemplate of this stack
   replace "%ORDER%" with tOr in it
   put it into fld 2
   post it to URL "https://<secure url removed>"
   put it && the result into fld 3

and it returns that error about not being able to get local issuer...

Any clue?
Andre

PS: ... I just redownloaded the Thawte certs and tested them all again, 
no good. It's Rev 2.5 rc 2 here.


On Jun 5, 2005, at 5:58 PM, Mark Waddingham wrote:

> Hi Andre,
>
> [ Thought I posted this yesterday but it must have been from a non-list
> friendly email-address... ]
>
> Have you tried the Thawte Root Certificate (of the appropriate hue)?
>
> http://www.thawte.com/roots/
>
> Every Certificate Authority (CA) has a different root certificate that
> is needed locally for interaction with an HTTPS which has that authority
> as its root authority.
>
> Any certificate that has been issued actually represents a chain of
> trust: the issued certificate is signed by some trusted entity which
> then has its certificate signed by another trusted entity etc. etc.
> right up until something gets signed by a Certificate Authority.
>
> Roughly, the SSL library will request certificates in turn for each step
> in the chain, verifying as it goes. However, when it gets to the end of
> the chain it has no-one to ask to verify the final (CA) certificate and
> so it must verify it against a local copy.
>
> Warmest Regards,
>
> Mark.
>
> ------------------------------------------------------------------
>  Mark Waddingham ~ 36degrees at runrev.com ~ http://www.runrev.com
>        Runtime Revolution ~ User-Centric Development Tools
>
-- 
Andre Alves Garzia - 2004 - BRAZIL
http://studio.soapdog.org
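
Added example, not part of the original thread and not Revolution or OpenSSL code: a small Python parser for the verify error quoted in the message above, reporting which issuer the local CA file lacks when the code is 20. The function names and the constructed `local` list are assumptions, and comparing parsed one-line names is a simplification of how issuer and subject names are matched.

```python
import re

# Error text as quoted in the post, with the e-mail line wraps removed.
REPORTED = (
    "error -Error with certificate at depth: 1  issuer   = /C=ZA/ST=Western "
    "Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services "
    "Division/CN=Thawte Server CA/Email=server-certs at thawte.com  subject  = "
    "/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SSL Domain CA  err "
    "20:unable to get local issuer certificate"
)

VERIFY_RE = re.compile(
    r"depth:\s*(?P<depth>\d+)\s+issuer\s*=\s*(?P<issuer>/.*?)\s+"
    r"subject\s*=\s*(?P<subject>/.*?)\s+err\s+(?P<code>\d+):(?P<reason>.*)"
)

def parse_dn(dn):
    """Split an OpenSSL one-line name (/K=V/K=V...) into a dict."""
    return {k: v.strip() for k, v in re.findall(r"/([A-Za-z]+)=([^/]*)", dn)}

def parse_verify_error(text):
    """Extract depth, issuer, subject and error code from the report."""
    m = VERIFY_RE.search(" ".join(text.split()))  # collapse wraps and padding
    if m is None:
        raise ValueError("not a certificate verify error")
    return {"depth": int(m["depth"]), "code": int(m["code"]),
            "reason": m["reason"].strip(),
            "issuer": parse_dn(m["issuer"]), "subject": parse_dn(m["subject"])}

def missing_local_issuer(text, local_subjects):
    """For err 20, return the issuer name absent from the local CA file.

    Returns None when the issuer is present or the error is a different one.
    """
    err = parse_verify_error(text)
    if err["code"] != 20:
        return None
    have = [parse_dn(s) for s in local_subjects]
    return None if err["issuer"] in have else err["issuer"]

if __name__ == "__main__":
    # Constructed stand-in for the subject of the certificate in the file
    # handed to sslcertificates; not a real Thawte name.
    local = ["/C=ZA/O=Example/CN=Thawte Code Signing CA"]
    need = missing_local_issuer(REPORTED, local)
    print("certificate at depth 1:", parse_verify_error(REPORTED)["subject"]["CN"])
    print("local CA file needs the certificate for:", need["CN"])
```

The certificate at depth 1 is the one named by `subject`; error 20 means the certificate named by `issuer` was not found in the local file.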
