Thanks Mike for that input. However, my worry is I am running on Windows.
Hope Windows versions support the changes!!!
I wanted to set up the SSLSessionCache as well and I am not sure whether
what I am doing here -
> SSLSessionCache dbm:/sslcache
> SSLSessionCacheTimeout 300
is correct. I searched for a Windows specific command.. didn't find one!
Meanwhile, what is SSLCertificateChain file? If I have a global Id, where
will the intermediate 'pem' file can be found? Do I still need one??
Thanks in advance.
Rajaram
Michael Ott
<[EMAIL PROTECTED] To: [EMAIL PROTECTED]
iemens.de> cc:
Sent by: Subject: Re: IE Issues with SSL
owner-modssl-users@
modssl.org
04/04/01 03:07 AM
Please respond to
modssl-users
hallo rajaram!
try it with this. it works on a linux ( Apache_1.3.14, mod_ssl_2.7.2,
openssl_0.9.6)
> SSLMutex sem
> SSLRandomSeed startup builtin
> #Is this statement appropriate in windows??
> SSLSessionCache dbm:/sslcache
> SSLSessionCacheTimeout 300
>
> SSLLog logs/SSL.log
> SSLLogLevel debug
> # You can later change "info" to "warn" if everything is OK
>
> <VirtualHost abc:443>
> SSLEngine On
> SSLCertificateFile conf/ssl/abc.cert
> SSLCertificateKeyFile conf/ssl/abc.key
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> downgrade-1.0 force-response-1.0
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> </VirtualHost>
>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/test-cert.pem
SSLCertificateChainFile /etc/httpd/conf/test-intermediateca-cert.pem
SSLCertificateKeyFile /etc/httpd/conf/test-key.pem
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLSessionCacheTimeout 15
SSLVerifyClient 0
SSLVerifyDepth 10
SSLOptions +FakeBasicAuth
SSLLog /var/log/httpd/443_de/ssl.log
SSLLogLevel error
>
Michael Ott
---------------------------------
- Siemens AG - I&S IT PS 51 ERL -
- Werner-von-Siemens-Strasse 60 -
- 91050 Erlangen -
- Tel. +49 91 31 7 42 0 54 -
- [EMAIL PROTECTED] -
---------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]