When I used `make certificate TYPE=custom' I was following a HOWTO which included a comment about making CommonName exactly equal to the FQDN of the server. I accidentally did that on the step where I was generating the CA. When I got to my certificate I realized my mistake and set it there as well. The result was that all of the fields of both certificates matched. The result worked fine on Mozilla and Voyager (3com Audrey) and with `openssl s_client' but not on MSIE, where it got the dreaded "Cannot find server or DNS error".
I had every other workaround in place with no joy (cache, nokeepalive, the unclean shutdown, degrade to http/1.0, tested them all with `openssl s_client'). When I generated a new certificate being careful to differ a few major fields (most importantly CommonName, I think) and stop/startssl'd Apache it worked (not `restart' and `graceful' did not pick up my new cert). The debug output of openssl is slightly different as well (the verify return messages). And now, lo and behold, it works on MSIE. And I still have a bit of hair left! --Ben ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
