Why are there two different Thawte Premium Server CA certificates out there?
Thawte distributes one at their root certificates web site:
    Serial Number: 36 12 22 96 c5 e3 38 a5 20 a1 d2 5f 4c d7 09 54
    Valid From: Wednesday, July 31, 1996
    Valid to: Friday, January 01, 2021
    Certificate SHA1 Fingerprint: e0 ab 05 94 20 72 54 93 05 60 62 02 36 70 f7 cd 2e fc 66 66
    Key Size: RSA(1024 Bits)
but there is a different version distributed with Red Hat, Debian, Firefox, and OS X:
    Serial Number: 1 (0x1)
    Validity
        Not Before: Aug  1 00:00:00 1996 GMT
        Not After : Dec 31 23:59:59 2020 GMT
    SHA1 Fingerprint=62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
If I build a certificate chain for an SSL web server using the one from Thawte’s web site, OS X says the site uses an invalid certificate.
*** Update ***
There ARE 2 different Thawte Premium Server CA certificates:
We’ll see if they tell me why they did that…
*** Update 2 ***
Thawte was required by the browser vendors to sign their CA certs with SHA1 instead of MD5. See here: https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=AD221
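To tell which copy of a same-named CA certificate a file actually holds, compare the fields that differ above: serial number, signature algorithm and SHA-1 fingerprint. The following is an added example, not code from the original post or from Thawte. It uses only the Python standard library, and the names read_tlv, decode_oid, describe_cert, norm and SAMPLE are made up for illustration.

```python
import hashlib

# OIDs for the two signature algorithms named in Update 2
SIG_ALGS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
            "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Dotted string for an OID body (first arc 0-2, enough for these OIDs)."""
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def describe_cert(der):
    """Serial, signature algorithm and SHA-1 fingerprint of a DER certificate."""
    _, cert, _ = read_tlv(der, 0)      # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)      # tbsCertificate ::= SEQUENCE
    tag, val, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                    # optional [0] version, absent in v1 certs
        tag, val, pos = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    _, alg, _ = read_tlv(tbs, pos)     # signature AlgorithmIdentifier
    _, oid, _ = read_tlv(alg, 0)
    name = decode_oid(oid)
    return {"serial": format(int.from_bytes(val, "big"), "x"),
            "sig_alg": SIG_ALGS.get(name, name),
            "sha1": hashlib.sha1(der).hexdigest()}

def norm(fp):
    """Reduce 'e0 ab ..' and '62:7F:..' fingerprint styles to bare lowercase hex."""
    return fp.replace(":", "").replace(" ", "").lower()

# Constructed sample: a stub holding only the fields parsed above, not a real cert.
SAMPLE = bytes.fromhex("3014" "3012" "02017b" "300d06092a864886f70d0101040500")
print(describe_cert(SAMPLE))
```

For a real PEM file, convert it first with ssl.PEM_cert_to_DER_cert() and compare norm() of each published fingerprint with the "sha1" value returned.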