You have to make a link to the intermediate certificate file.
My 'SSLCACertificatesPath' looks as follows:
58546a39.0 -> VeriSign_Trusted_Network.pem
7651b327.0 -> VeriSign_Class_3.pem
The hash value can be calculated with:
openssl x509 -noout -hash -in <certfile>
Thanks. I had the hash link for the intermediate certificate in
SSLCACertificatesPath (where client root certs normally live), but the
primary cert only in the CA path where server roots live. I just
tried making a hash link in the client path and it didn't make any
difference.
However, I think the problem is that 7651b327 is the hash of the old
Verisign class 3 public primary root that expires 12/31/99. GSID's
issued after 1/1/99 are signed with a different root. Old browsers
see the new root and fail to recognize it. I will try to locate the
new root on verisign.com and install it in the client path. Hopefully
it is signed by the old root.
Can you tell me the issue date of your GSID?
The current problem I'm seeing is that GSID's issued after 1/1/1999
don't appear to work with MSIE 4.0, regardless of the server type
(as far as I've tested). I do get a 128 bit connection with Netscape 4.06
with the new root removed, so as mentioned in another message, this
basically looks like an MSIE bug.
Thanks.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
