On Fri, Apr 09, 1999, Lyndon Nerenberg wrote:
> According to README.GlobalID, mod_ssl should work with a Verisign
> GlobalID certificate. The examples don't show how to do it with the
> real thing, though. Specifically, where does the Intermediate CA
> Certificate fit into things? This seems to be necessary to get the
> browsers to recognize the "VeriSign International Server CA - Class 3"
> that signs the GlobalID certs.
>
> Has anyone actually made this work? If not, are there plans to? Or
> references to show what would have to be changed in apache/mod_ssl to
> get this working?
First, I'm sure you don't have to change anything in mod_ssl to make it
working. Second, the intermediate CA is just a matter for the client and not
for mod_ssl. For mod_ssl the Global ID cert is nothing more than a standard
cert. It just has some additional X.509v3 extensions. So you've to add it to
the client to let it recognize it. Or you can add the CA cert to the
SSLCACertificatePath and let mod_ssl pick it up there while sending the server
cert chain. BTW, the reason why the README.GlobalID doesn't talk about a real
cert situation is because I cannot afford a real cert myself. So I was only
able to emulate it by creating a similar cert and patching Netscape.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
