Rod Gilchrist wrote: > Hi, > > We've been using OpenSSL to generate self signed certs for use > with our FreeBSD/Apache web servers for a couple of years now. > Suddenly XP comes along and those certificates don't work for > accesses from IE on XP. (They do work for any other combination > we've tried.) > > Has anyone been able to generate self-signed certs with OpenSSL > that work for access from IE on XP?
This issue been sorted out... The problem appears to be that self signed certificates where the distinguished name of the signing CA and the distinguished name on the certificate are identical are rejected by the combination of IE6.0 and Windows XP. - Rod Steve Zweep wrote: > Hi Francois, > > We're using RC4-SHA here. > > We've also come up with a solution that works with XP/IE6. The procedure > > we used to generate the self-signed certificate was using the same > Distinguished Name information for both the CA certificate and the > server certificate. We changed the Common Name field for the CA > certificate from the FQDN to something like "org_name CA" and could then > > successfully negotiate an SSL connection. Changing the Organization > field also seemed to have the same effect. > > - Steve > > Francois Arsenault wrote: > > > Hello Steve, > > > > I am Happy to see that were are not the only one in that situation. > > > Do you have problem only with the 1024 bits RSA and DES-CBC SHA > cipher? > > > > We will get in touch with Microsoft and ask them for help. > > > > Any solution from you side? > > > > Francois. > > > > > --------------------------------------------------------------------------- > > > > >>Hello Francois, > >> > > > >>Did you find a solution for this. We are having exactly the same > problem. > >> > > > >>- Steve > >> > > > > > >>> We have developed a SSL server for one of our product. > >>> Browsers that support 1024 bits RSA and DES-CBC SHA cipher can > establish a secure communication with that SSL server. > >>> However, we have currently a problem using IE6.0 > (6.0.2600.0000.xpClient.010817-1148) over new Windows XP operating > system. Note that Netscape6.2 browser on XP is working find and that > IE6.0 under WinNt (with Service pack 6a) and windows 2000 is working > find too. > >>> > > > > -- > > Steve Zweep > Senior Software Engineer > BorderWare Technologies Inc. > http://www.borderware.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
