Question: SHA-2 Certificates and IIS 6 Issues


Has anyone had fun with FF not trusting the new SHA-2 certs?
"The certificate is not trusted because the issuer certificate is unknown."
I've added the intermediate certificate and root CA on my web server, but I still get the same issue -
https://www.digicert.com/ssl-certificate-installation-microsoft-iis-5-6.htm
Only FF is affected as I'm guessing its CA bundle doesn't include the new SHA-2 root CA.
Thanks!

Answers

Fixed!

https://community.qualys.com/thread/13775

IIS is a pain in the @rse !!!

Basically, make sure you delete the old USERTrustRSAAddTrustCA certificate first via the snap-in.
Otherwise IIS will pick the old incorrect one when it presents the chain (well, it did in my case anyway)...
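
An added example, not part of the original answer: a PowerShell check that lists intermediate CA certificates in the local machine store that share a Subject, so a stale copy can be identified before it is deleted via the snap-in. It assumes the old and the new intermediate carry the same Subject name, which the thread does not state.

```powershell
# Added example: find intermediate CA certificates that share a Subject.
# Assumption: the stale and the current intermediate have the same Subject,
# so the server has more than one candidate when it builds the chain.

# "Intermediate Certification Authorities" store of the local computer.
$storePath = 'Cert:\LocalMachine\CA'

# Group every certificate in the store by Subject and keep groups with > 1 entry.
$duplicates = @(Get-ChildItem -Path $storePath |
    Group-Object -Property Subject |
    Where-Object { $_.Count -gt 1 })

if ($duplicates.Count -eq 0) {
    Write-Output "No duplicate subjects found in $storePath"
}
else {
    foreach ($group in $duplicates) {
        Write-Output "Subject: $($group.Name)"

        # Oldest first, with the fields needed to tell the copies apart:
        # who issued each one, its validity window and its signature hash.
        $group.Group |
            Sort-Object -Property NotBefore |
            Select-Object Thumbprint,
                          Issuer,
                          NotBefore,
                          NotAfter,
                          @{ Name       = 'SignatureAlgorithm'
                             Expression = { $_.SignatureAlgorithm.FriendlyName } } |
            Format-List
    }
}
```

Compare the Issuer and SignatureAlgorithm of each listed copy against the chain the CA documents for the SHA-2 certificate before removing anything.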