Apache: httpd-2.0.40 OpenSSL: openssl-0.9.6g
On a same HTTPS Apache server and with same client certificate, all connections from MSIE have failed, but all NS connections are issued properly. MSIE with same client certificate, and same trusted intermediate authority one HTTPS Iplanet server 4 connect properly. MSIE connect properly to HTPPS Apache sever when i use a certificate that is signed directly by root CA not from intermediate CA. I use SSLV3 Protocol to protect a sub-directory with this setting: <Location "/cert"> SSLVerifyDepth 2 SSLVerifyClient require SSLCACertificateFile R:\PDCI\dciweb\Apache2\dciwebca.crt SSLOptions +ExportCertData +OptRenegotiate </Location> Log file with debug setting gives: God connection with NSE V4.7 [Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 1, subject: /C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=Reuters Financial SoftWare test [EMAIL PROTECTED], issuer: /C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=Reuters Financial SoftWare test [EMAIL PROTECTED] [Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 0, subject: /C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=RCF User [EMAIL PROTECTED], issuer: /C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=Reuters Financial SoftWare test [EMAIL PROTECTED] [Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read client certificate A [Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read client key exchange A [Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read certificate verify A Bad connection vith MSIE 6 [Mon Sep 30 14:55:01 2002] [debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 1, subject: /C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=RCF User [EMAIL PROTECTED], issuer: /C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=Reuters Financial SoftWare test [EMAIL PROTECTED] [Mon Sep 30 14:55:01 2002] [error] Certificate Verification: Error (24): invalid CA certificate [Mon Sep 30 14:55:01 2002] [debug] ssl_engine_kernel.c(1864): OpenSSL: Write: SSLv3 read client certificate B [Mon Sep 30 14:55:01 2002] [debug] ssl_engine_kernel.c(1883): OpenSSL: Exit: error in SSLv3 read client certificate B Best regards [EMAIL PROTECTED]<Olivier Baulier> ------------------------------------------------------------- --- Visit our Internet site at http://www.reuters.com Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]