--On Wednesday, May 19, 2004 10:50:44 AM -0700 Christopher McCrory
[EMAIL PROTECTED] wrote:
On Wed, 2004-05-19 at 09:46, Bill MacAllister wrote:
Hello,
I am having problems with a brand new Verisign 128 bit certificate that
has just be purchased. I have installed the certificate and the
intermediate CA cert on an Apache 1.3.31/mod_ssl 2.8.17/openssl 0.9.7d
instance.
Did you get a new intermediate cert (intermediate.crt) from Verisign
also? This also goes in the apache config. directions somewhere on
verisigns site.
Yes. The only certificate that has ever been on my servers is the new CA
cert.
Actually there are multiple references on the Versign site:
http://www.verisign.com/support/install/apache/v00Mod.html#global
http://www.verisign.com/support/site/caReplacement.html
Of course, while both describe the same issue they suggest slightly
different Apache directives. Respectively the two suggestions are:
SSLCertificateFile /etc/ssl/crt/public.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCertificateChainFile /etc/ssl/crt/intermediate.crt
and
SSLCACertificateFile /etc/ssl/crt/intermediate.crt
I have tried both and neither method works for IE.
Bill
What I am seeing is the Netscape and Mozilla connect to the site just
fine. When I connect to the site with IE 6 the security window pops up
telling be that the certificate has either expired or is not valid yet.
When I look at the certificate the intermediate CA cert that IE is
using is the expired cert that was installed with IE. I tried removing
the old intermediate CA cert from IE altogether and it still will not
load the intermediate CA cert from my server.
I am not really sure what to try at this point. Oh, yes, Verisign
support has been pretty much useless.
Help suggestions will be greatly appreciated.
Bill
+---
| Bill MacAllister
| 14219 Auburn Road
| Grass Valley, CA 95949
| 530-272-8555
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
--
Christopher McCrory
The guy that keeps the servers running
[EMAIL PROTECTED]
http://www.pricegrabber.com
Let's face it, there's no Hollow Earth, no robots, and
no 'mute rays.' And even if there were, waxed paper is
no defense. I tried it. Only tinfoil works.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
+---
| Bill MacAllister
| 14219 Auburn Road
| Grass Valley, CA 95949
| 530-272-8555
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]