I did exactly as suggested, and the dates are certainly valid.
Unfortunately the FAQ shows how to create the certs on Unix using shell
scripts supplied by OpenSSL. My install does not include NT versions of
these. Ideas?
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Mads Toftum
> Sent: Tuesday, April 25, 2000 1:36 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Certificate date problem with IE
>
>
> On Tue, Apr 25, 2000 at 10:41:33AM -0400, Kirk Benson wrote:
> > Hi all,
> >
> > I have installed the OpenSA/0.20 Apache/1.3.12 (Win32) mod_ssl/2.6.2
> > OpenSSL/0.9.5 load under NT4. This includes the snake-oil ca and server
> > certs.
> >
> > For HTTPS testing purposes, I have installed the snake-oil CA
> as a trusted
> > CA. When I access my site with IE4, I'm informed via a popup
> dialog that
> > the certificate is "expired or not yet valid". When I select the View
> > Certificate option, I see that the expiration date is 10/20/01
> 6:21:51 PM
> > and the effective date is 10/21/99 6:21:51 PM. Chosing to
> continue, I am
> > able to establish the SSL session.
> >
> > My problem is that I am using two test-driver programs that use the
> > web-access functionality of IE. Both of these fail with "communications
> > error 12037", meaning the certificate date is invalid or
> expired. I have no
> > way of overiding the certificate acceptance in these programs.
> >
> > Has anyone else seen this problem? Could it be a Y2K bug in IE4? The
> > modssl document suggests building certs with a script in the
> root directory
> > of the Apache source tree, however OpenSA does not supply this script.
> >
> > Any suggestions would be appreciated.
> >
> This seems quite strange, as the certs (at least in 2.6.3) will
> not expire
> before some time in october next year.
> You could try examining the certs manually:
> openssl x509 -in snakeoil-rsa.crt -text -noout
> just to make sure that they haven't made a mistake and added some old
> certificates to opensa. You could also try making your own certs according
> to the instructions in the manual:
> http://www.modssl.org/docs/2.6/ssl_faq.html#ToC24
>
>
> vh
>
> Mads Toftum
> --
> `Darn it, who spiked my coffee with water?!' - lwall
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
