Re: R: Cert signed by own CA and IE

Sun, 20 May 2001 03:40:11 -0700 

Looked at your config and its broken
Missing SSLCertificateChainFile and SSLCACertificatePath or
SSLCACertificateFile.
Read thier significates.
To build a SSLCACertificateFile you must cat PEM certificates in a single
file (pretty convinient IMO). To build the SSLCertificateChainFile do the
same with the server certificate plus the ROOT certificate, additionally
SSLCertificateChainFile and SSLCertificateFile can be the same file.

Diego

----- Original Message -----
From: "Arcady Genkin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 16, 2001 10:01 PM
Subject: Re: R: Cert signed by own CA and IE


> "Andrea Cerrito" <[EMAIL PROTECTED]> writes:
>
> > > > > Connecting to a secure site with a certificate signed by own CA,
IE
> > > > > seems to provide no obvious way of permanently adding the cert to
the
> > > > > browser's configuration.  As a result, a warning that "The
security
> > > > > certificate is issued by a company you have not chosen to
trust..." is
> > > > > displayed every time I'm trying to establish a connection.  Is
there a
> > > > > fool-proof way to permanently add a certificate or tell IE that
the CA
> > > > > is to be trusted?
> > > >
> > > > Show Certificate / Install Certificate.
> > >
> > > I tried that, and it didn't work.  It told me that the certificate was
> > > installed successfully, but once I quit IE, restart it, and load the
> > > page again, it displays the same warning again.
> > >
> > > The minimal html page I'm experimenting with is at
https://www.thpoon.com
> > > If anyone would try to install the certificate from it in IE: maybe I
> > > did something wrong with configuration?
> >
> > I wasn't able to install it.  Can u print your conf?
>
> You mean from httpd.conf?  Since it's huge, I've posted it at
>
>   http://www.thpoon.com/tmp/httpd.conf
>
> rather than sending to the list.  The SSL-related stuff is at the
> bottom of it.
>
> Thanks!
>
> p.s.  This is a repost, since I have replied from a different email
> address than the one I've subscribed from and I'm afraid that it
> didn't come through.  Sorry if this is a dupe.
> --
> Arcady Genkin
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to