Re: RE: Problems with IE/56bit (not solved in the FAQ)
Hello, i had the same problem with both verisign certificate and self-signed certificate. We had with verisign step up certificate more problem. My problem was SSLRequired 128 bit. I commented the line and used SSLCiphers and so on, all internet explorer version work. Oranous [EMAIL PROTECTED] schrieb am 02.04.01: The problem seems to be that even with the IE workarounds, MSIE still does not like to connect when using a self-signed certificate. If you go out and buy a certificate, it should work (Verisign has a free trial cert if you just want to test it) -Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Swift Hello! I installed a self-generated certificate + CA in our Apache. All clients can connect via SSL but not export versions of Internet Explorer (56bit key). The lines SSLCipherSuite ALL:!ADH:!EXPORT56:... and SetEnvIF UserAgent ".*MSIE.*" ... were already in my httpd.conf. So I'm wondering why this don't work!? IE report always: Cannot find server or DNS Error The same thing happens, if I disable SSLv3 completely - very strange. Is there anything I can try to get this @!#%*-Explorer working? Help! Currently I disabled SSL because many users here in germany are using a 56bit-IE :-( But our site needs SSL to be enabled. Thanks in advance! ... tobias wiersch __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] ___ Alles unter einem Dach: Informationen, Fun, E-Mails. Bei WEB.DE: http://web.de Die groe Welt der Kommunikation: E-Mail, Fax, SMS, WAP: http://freemail.web.de __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Re: Problems with IE/56bit (not solved in the FAQ)
[EMAIL PROTECTED] schrieb: Hi! Oranous Niliarm wrote: i had the same problem with both verisign certificate and self-signed certificate. We had with verisign step up certificate more problem. My problem was SSLRequired 128 bit. I commented the line and used SSLCiphers and so on, all internet explorer version work. Hmm, there is no SSLRequired in my httpd.conf ... Maybe I made a mistake while creating the keys? I followed the FAQ at http://www.modssl.org/docs/2.8/ssl_faq.html : First: "How can I create and use my own CA?" I followed steps 1-3, then jumped to: "...[I] want to create a real SSL server certificate..." (I entered the FQDN as CommonName) After that I completed step 4 of [own CA]. Then I followed the steps "How can I get rid of the pass-phrase dialog...?" That's all. Maybe I made a mistake somewhere? Is there anything else I can try? Thanks! ... tobias wiersch __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Hi Tobias, i generate the CA certificate as below: Key and CSR generation 1. openssl md5 *.* rand.dat 2. openssl genrsa -rand rand.dat -out cakey.pem -des 1024 CA generation: openssl req -new -x509 -keyout ./demoCA/private/cakey.pem -out ./demoCA/certs/cacert.pem -days 3650 Generating a new key and csr and signing the csr with own ca. 1. openssl md5 *.* rand.dat 2. openssl genrsa -rand rand.dat -out key1.pem -des 1024 3. openssl req -new -key key1.pem -out csr1.pem 4. openssl ca -policy policy_anything -out cert.pem -in csr1.pem Good Speed Oranous [EMAIL PROTECTED] schrieb am 03.04.01: Hi! Oranous Niliarm wrote: __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] ___ Alles unter einem Dach: Informationen, Fun, E-Mails. Bei WEB.DE: http://web.de Die groe Welt der Kommunikation: E-Mail, Fax, SMS, WAP: http://freemail.web.de __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
IE 5.0 56bit Problem
Ive configured a proxy apache server+mod_ssl+openssl and used a 128 bit step up certificate. We have Problem with IE 5.0 with 56 bit encryption on win2000. I used the following directive. SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 and ive also tried: SSLProtocol all -SSLV3 or SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP and used SSL sessionCache But nothing helped me. Any help is much appreciated. __ Die Fachpresse ist sich einig: WEB.DE 20mal Testsieger! Kostenlos E-Mail, Fax, SMS, Verschlsselung, POP3, WAPtesten Sie uns! http://freemail.web.de __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]