We use Thawte for SSL certs and recently had to renew. Certs with a 2048 bit key are now required, and we had to follow something along the lines of this post to get it done:
New GeoTrust SSL certificates and Android users
where we used the newer root CA cert from Thawte and the two intermediates bundled, all in the commercial_ca.crt file - this was the only combination that would get past the verifycrt step of the zmcertmgr tool and deploy successfully. Also we had to modify the zmcertmgr tool because 1024 key size is hardcoded.
All seems OK, but we fail any SSL cert validation tools such as https://ssl-tools.verisign.com - it looks as if we should not be including the root CA cert in the file, but there's no other way to get it to pass the verification step.
Has anyone else successfully deployed a 2048 bit Thawte cert that passes
an SSL checker? Thanks.