[EMAIL PROTECTED] wrote:
>
> Hi Damon,
> Could you please put in the corrected part of your httpd.conf file - all
> the directives that are relevant to SSL connections.
OK, this is for the site https://www.motorweb.co.nz.. Try it and you may
I say.
First off, I'm using a Verisign Global ID certificate (ie. SGC).
What I have currently works with MSIE 5+ and NS 4.7 (haven't tried other
NS's).
It does work with MSIE 4 but this version of IE doesn't like the Verisign
Global certificate (it can't complete the chain) and therefore says it
doesn't trust our site. This is despite the fact that Verisign says the
Global ID's work with MSIE 4+, so I must still have something wrong. At
the bottom of this message is the ssl_engine_log of the server starting
up and MSIE 4.7 trying to connect. Can someone point out why the
intermediate_ca doesn't seem to get to IE? Is it because IE is
connecting with SSLv2?
Anyway, here's the relevant lines from my httpd.conf
--- httpd.conf ---
Listen 443
# SSL session cache is required to get around MSIE bugs
SSLSessionCache dbm:/var/log/httpd/ssl_cache
SSLSessionCacheTimeout 300
<VirtualHost 210.55.172.141:443>
ServerName www.motorweb.co.nz
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/intermediate-ca.crt
SSLLog /var/log/httpd/ssl_engine_log
SSLLogLevel trace
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
--- ssl_engine_log ---
Init: Loading certificate & private key of SSL-aware server www.motorweb.co.nz:443
Init: (www.motorweb.co.nz:443) unencrypted RSA private key - pass phrase not required
Init: Configuring server www.motorweb.co.nz:443 for SSL protocol
Init: (www.motorweb.co.nz:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
Init: (www.motorweb.co.nz:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
Init: (www.motorweb.co.nz:443) Configuring RSA server certificate
Init: (www.motorweb.co.nz:443) RSA server certificate enables Server Gated Cryptography (SGC)
Init: (www.motorweb.co.nz:443) Configuring RSA server private key
Init: (www.motorweb.co.nz:443) Configuring server certificate chain (1 CA certificate)
Connection to child 2 established (server www.motorweb.co.nz:443, client 210.55.82.41)
Seeding PRNG with 0 bytes of entropy
OpenSSL: Handshake: start
OpenSSL: Loop: before/accept initialization
OpenSSL: Loop: SSLv2 read client hello A
OpenSSL: Loop: SSLv2 write server hello A
OpenSSL: Loop: SSLv2 read client master key A
OpenSSL: Loop: SSLv2 server start encryption
OpenSSL: Loop: SSLv2 write server verify A
OpenSSL: Loop: SSLv2 read client finished A
OpenSSL: Loop: SSLv2 write request certificate A
OpenSSL: Loop: SSLv2 write server finished A
Inter-Process Session Cache: request=SET status=OK id=82EBC78C51D8403F32DA3EA9C62507DC timeout=299s (session caching)
OpenSSL: Handshake: done
Connection: Client IP: 210.55.82.41, Protocol: SSLv2, Cipher: EXP-RC4-MD5 (40/128 bits)
Connection to child 2 closed with standard shutdown (server www.motorweb.co.nz:443, client 210.55.82.41)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
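
An added example, not part of the original message: a Python parser for the `Connection:` summary lines of the ssl_engine_log quoted above, reporting which protocol and cipher each client negotiated and flagging SSLv2 and export-grade suites. The regex, function names and the second sample entry are assumptions made for illustration.

```python
import re

# A "Connection:" summary line as it appears in the log above; \s+ tolerates
# the line being wrapped by a mailer between "Cipher:" and the suite name.
CONN_RE = re.compile(
    r"Connection: Client IP: (?P<ip>[\d.]+), Protocol: (?P<proto>[^,\s]+),"
    r"\s+Cipher:\s+(?P<cipher>\S+)\s+\((?P<used>\d+)/(?P<total>\d+) bits\)"
)

# Constructed sample: the first entry is taken from the log in the message,
# the second (documentation address 192.0.2.10) is made up for contrast.
SAMPLE_LOG = """\
OpenSSL: Handshake: done
Connection: Client IP: 210.55.82.41, Protocol: SSLv2, Cipher:
EXP-RC4-MD5 (40/128 bits)
Connection to child 2 closed with standard shutdown (server
www.motorweb.co.nz:443, client 210.55.82.41)
Connection: Client IP: 192.0.2.10, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
"""

def parse_connections(text):
    """Return one dict per negotiated connection found in the log text."""
    return [
        {"ip": m["ip"], "proto": m["proto"], "cipher": m["cipher"],
         "used_bits": int(m["used"]), "total_bits": int(m["total"])}
        for m in CONN_RE.finditer(text)
    ]

def findings(conn):
    """List the weaknesses of a single parsed connection."""
    out = []
    if conn["proto"] == "SSLv2":
        # SSLv2's server hello carries one certificate only, so the
        # intermediate from SSLCertificateChainFile cannot be sent.
        out.append("SSLv2 handshake: no certificate chain is delivered")
    if conn["cipher"].startswith("EXP") or conn["used_bits"] < 128:
        out.append("export/weak cipher: %d-bit effective key" % conn["used_bits"])
    return out

def audit(text):
    """Map each client IP to the findings for its connections."""
    report = {}
    for conn in parse_connections(text):
        report.setdefault(conn["ip"], []).extend(findings(conn))
    return report

if __name__ == "__main__":
    for ip, issues in audit(SAMPLE_LOG).items():
        print(ip, issues or "ok")
```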