Guys, I'm trying to set up an Apache server to share SSL sites and certificates. So far with not much luck. Following Nelson's earlier description, I've turned off SSL v2 in all the browsers I've tested with (Firefox and Konqueror), and also I've turned it off in the Apache web server (Apache 2 on Linux).
But the Apache web server still insists on presenting only one certificate (even though it has accepted the various other SSL sites in the vhosts config). Why that is is another story, but there is one furfie I noticed with Firefox in this: When Firefox goes to one of the non-default sites, it is presented with the default cert and indicates it is wrong. I then click through and accept it, so https is opened up on the site. But, down in the bottom right, instead of displaying the correct details about the certificate that is in use, it displays the host name that we went to. Further, a mouse-over displays "Signed by ThisCA". I think this part is "correct" and that the hostname displayed is the wrong one taken from the wrong place - the URL and not the cert. (The statement made should be that the cert is CertName signed by CertAuthority as that is the only thing that is known for sure.) This can be seen by going to http://koalagold.com/ and clicking through. The cert presented is not koalagold's but is financialcryptography's. The bottom right shows koalagold.com and a mousover of "Signed by CACert." Now one caveat, the Firefox I tested this on is 1.0 on a Linux box. So before filing a bug on this ... is this fixed in later versions? (I have no access to a later Firefox at the moment.) iang -- http://iang.org/ _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
