--On Wednesday, May 19, 2004 10:50:44 AM -0700 Christopher McCrory <[EMAIL PROTECTED]> wrote:
On Wed, 2004-05-19 at 09:46, Bill MacAllister wrote:Hello,
I am having problems with a brand new Verisign 128 bit certificate that has just be purchased. I have installed the certificate and the intermediate CA cert on an Apache 1.3.31/mod_ssl 2.8.17/openssl 0.9.7d instance.
Did you get a new intermediate cert (intermediate.crt) from Verisign also? This also goes in the apache config. directions somewhere on verisigns site.
Yes. The only certificate that has ever been on my servers is the new CA cert.
Actually there are multiple references on the Versign site:
http://www.verisign.com/support/install/apache/v00Mod.html#global http://www.verisign.com/support/site/caReplacement.html
Of course, while both describe the same issue they suggest slightly different Apache directives. Respectively the two suggestions are:
SSLCertificateFile /etc/ssl/crt/public.crt SSLCertificateKeyFile /etc/ssl/crt/private.key SSLCertificateChainFile /etc/ssl/crt/intermediate.crt
and
SSLCACertificateFile /etc/ssl/crt/intermediate.crt
I have tried both and neither method works for IE.
Bill
What I am seeing is the Netscape and Mozilla connect to the site just fine. When I connect to the site with IE 6 the security window pops up telling be that the certificate has either expired or is not valid yet. When I look at the certificate the intermediate CA cert that IE is using is the expired cert that was installed with IE. I tried removing the old intermediate CA cert from IE altogether and it still will not load the intermediate CA cert from my server.
I am not really sure what to try at this point. Oh, yes, Verisign support has been pretty much useless.
Help suggestions will be greatly appreciated.
Bill
+--------------------------------------------------- | Bill MacAllister | 14219 Auburn Road | Grass Valley, CA 95949 | 530-272-8555 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]-- Christopher McCrory "The guy that keeps the servers running"
[EMAIL PROTECTED] http://www.pricegrabber.com
Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works.
______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
+--------------------------------------------------- | Bill MacAllister | 14219 Auburn Road | Grass Valley, CA 95949 | 530-272-8555 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
