To my knowledge the Netscape behaviour is actually the normal one. If the server certificate is not installed in their browser Trusted certificate store (ot its higher parent) then there is no way its going to recognize it as a trusted certificate.
Regards Jose -----Original Message----- From: J. B. Chambers [mailto:[EMAIL PROTECTED]] Sent: 03 October 2002 17:41 To: [EMAIL PROTECTED] Subject: NS7 sees cert diff in Apache 1.3+mod_ssl and Apache 2 Hi. My production server is currently running Server: Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6g and I'm test driving Server: Apache/2.0.42 (Unix) mod_ssl/2.0.42 OpenSSL/0.9.6g I have a secure server certificate from Verisign, and the intermediate cert from their website installed as the SSLCertificateChainFile. Things work fine on the production platform. On the test platform, things work fine using IE6 or Opera as the browser, and the certificate details are okay on inspection. However, Netscape 7 (and also Mozilla, BTW) returns the error The certificate was issued by a certificate authority that Netscape 7.0 does not recognize which would seem to be a cert chain problem. Probing with openssl s_client does not suggest a server problem. You can, of course, just tell NS7 to permanently accept the cert and continue, but it's upsetting to some users to have to do that. Info at mozilla.org suggests that, at least up til recently, there have been known SSL/TLS issues, but I don't see anything quite like this. Anyone with a similar experience/problem/solution? Thanks in advance. John Chambers <[EMAIL PROTECTED]> ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
