I'm using a Verisign Global ID and therefore need to configure modssl to
serve up the Intermediate CA. I've followed the various instructions
I've found for this but with no success.
I downloaded the Intermediate CA and saved it under intermediate_ca.crt
(I've listed it at the bottom of this mess
:: To: [EMAIL PROTECTED]
:: Subject: SSLCertificateChain file for Intermediate CA
::
::
:: I'm using a Verisign Global ID and therefore need to configure modssl to
:: serve up the Intermediate CA. I've followed the various instructions
:: I've found for this but with no success.
::
#x27;m gunna tell Nic what a l4m3r you are. ;
Wait until you try it in NS first :)
> :: -Original Message-
> :: From: [EMAIL PROTECTED]
> :: [mailto:[EMAIL PROTECTED]]On Behalf Of Damon Maria
> :: Sent: Thursday, 17 May 2001 15:48
> :: To: [EMAIL PROTECTED]
> :: S
:: Did you use IE? That seems to work fine (I guess it comes with the
:: Intermediate CA), Netscape and Opera both barf on it tho'.
Yes, IE 5.5; Konqueror 2.1.1 works too.
:: Wait until you try it in NS first :)
Nutscrape 4.76 says it "does not recognize the authority who [sic] signed
its [sic]
> I presume you're not trying to explicitly construct the server certificate
> chain that is being sent to the browser, together with the actual server
> cert?
This is what I'm trying to do. I'm trying to send all the certificates
in the chain (expect the root) to the browser. This includes my se
E.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
---- Original Message
Subject: SSLCertificateChain file for
:: Since I haven't gotten too much of a response yet (expect for thanks to
:: Juha) I'll post my VirtualHost in httpd.conf, which I probably should
:: have done in the first place.
::
:: If I uncomment the SSLCertificateChainFile line then the following
:: appears in the log and apache won't start
Juha Saarinen wrote:
>
> Stupid suggestion, perhaps, but can Apache read the CA file? Are the
> permissions OK?
Good suggestion, but the permissions are OK (identical to server.crt).
thanks again,
Damon.
__
Apache Interface to
On Fri, May 18, 2001 at 11:58:02AM +1200, Damon Maria wrote:
> Since I haven't gotten too much of a response yet (expect for thanks to
> Juha) I'll post my VirtualHost in httpd.conf, which I probably should
> have done in the first place.
>
> If I uncomment the SSLCertificateChainFile line then t
Sie der ausstellenden Institution vertrauen möchten.
> -Ursprüngliche Nachricht-
> Von: Lutz Jaenicke [SMTP:[EMAIL PROTECTED]]
> Gesendet am: Freitag, 18. Mai 2001 10:50
> An: [EMAIL PROTECTED]
> Betreff: Re: SSLCertificateChain file for Intermediate CA
>
> On
On Fri, May 18, 2001 at 01:21:31PM +0200, Henning von Bargen wrote:
> Lutz, when I try to access your site
> with Internet Explorer 5.5,
> IE tells me that it cannot verify the certificate.
> German error message is:
> Das Zertifikat wurde von einer Firma ausgestellt,
> die Sie nicht als vertrauen
> Without going through mod_ssl's source: did you try to put the complete
> chain into the ChainFile?
Tried this, but it didn't make any difference.
> With respect to the error message, mod_ssl can write more messages
> than that into e.g. an ssl_engine_log. Did you check all possible
> logfile
On Sun, 20 May 2001, Damon Maria wrote:
> One thing I haven't mentioned previously is that I'm running Apache
> 1.3.12 and mod_ssl 2.6. But I presume there shouldn't be a problem with
> either of these versions.
Well... Can't hurt to upgrade, can it? I'm running Apache 1.3.19 with
mod_ssl 2.8.1-
Juha Saarinen wrote:
>
> On Sun, 20 May 2001, Damon Maria wrote:
>
> > One thing I haven't mentioned previously is that I'm running Apache
> > 1.3.12 and mod_ssl 2.6. But I presume there shouldn't be a problem with
> > either of these versions.
>
> Well... Can't hurt to upgrade, can it? I'm run
On Sun, 20 May 2001, Damon Maria wrote:
> I may as well, I'm running out of other options.
If that fails, there's always Windows... muahahahahaha.
--
Regards,
Juha
PGP fingerprint:
B7E1 CC52 5FCA 9756 B502 10C8 4CD8 B066 12F3 9544
_
On Sun, May 20, 2001 at 02:24:35PM +1200, Damon Maria wrote:
> > With respect to the error message, mod_ssl can write more messages
> > than that into e.g. an ssl_engine_log. Did you check all possible
> > logfiles?
>
> I've checked, even with SSLLogLevel debug I couldn't get anymore out of
> it.
I think I've solved my problem and would just like to post the answer
for someone else's reference.
The offending line is:
SSLProtocol -all +SSLv2
If I take that line out mod_ssl can load the certificate chain. I
presume there's a good reason for this (chains require SSLv3 at a
guess)?
SSLPr
]
cc:
Subject:Re: SSLCertificateChain
file for Intermediate CA
[EMAIL PROTECTED] wrote:
>
> Hi Damon,
>Could you please put in the corrected part of your httpd.conf file - all
> the directives that are relavant to SSL connections.
OK, this is for the site https://www.motorweb.co.nz.. Try it and you may
I say.
First off, I'm using a Verisign Global ID c
19 matches
Mail list logo
