Re: IE browser does not disply proper error message if the certificate is expired
I posted a couple weeks back on the same problem. I had also tried setting specific ErrorDocument directives in my httpd.conf, but it didn't work. From what I can tell is that since the default errors are written into the apache/mod_ssl code to display errors in http not https and when all traffic from my site is forced through https(certificate required) you get a "page cannot be displayed" error. Looking around newsgroup archives the only suggestion I found was to prompt for a cert and add logic to your web app to allow access only if the proper credentials were set as environment variables. Unfortunately not everyone has their site setup with that much flexibility (mine for instance). I challenge those of you knowledgable in the intricacies of mod_ssl to explain why error messages don't display and a feasible workaround (preferrably using mod_ssl verification). On 07 Mar 2002 13:50 CST you wrote: > Any help from anyone? > I need this desperately. > Sincerely > Shiva > > > > --- Shiva Murugesan <[EMAIL PROTECTED]> wrote: > > Many thanks jon. The problem occurs in 5.5 and 6.0 > > as > > well. > > I have tried unchecking the "Show friendly error > > message", still it is not displaying the correct SSL > > message. After unchecking, it started asking twice > > to > > present the client certificate. After presenting the > > client certificate for the second time, it displays > > the standard error message. > > > > Ta > > Shiva > > > > > > > > --- jon schatz <[EMAIL PROTECTED]> wrote: > > > On Mon, 2002-03-04 at 15:50, jon schatz wrote: > > > > if you uncheck "Tools -> Internet Options -> > > > Advanced -> Show Friendly > > > > HTTP error messages", you can get more useful > > > info. Unfortunately, the > > > > default is to show the same error message for > > > everything. You'll have to > > > > change this by hand on your end users' machines > > > (or write an ActiveX > > > > control to do it for you). > > > > > > oops. this is on ie 5.5/6.0. i can't speak for ie > > > 5.0 personally. so > > > ymmv. > > > > > > -jon > > > > > > -- > > > [EMAIL PROTECTED] || www.divisionbyzero.com > > > gpg key: www.divisionbyzero.com/pubkey.asc > > > think i have a virus?: > > > www.divisionbyzero.com/pgp.html > > > "You are in a twisty little maze of Sendmail > > rules, > > > all confusing." > > > > > > > > ATTACHMENT part 2 application/pgp-signature > > name=signature.asc > > > > > > > > __ > > Do You Yahoo!? > > Try FREE Yahoo! Mail - the world's greatest free > > email! > > http://mail.yahoo.com/ > > > __ > > Apache Interface to OpenSSL (mod_ssl) > >www.modssl.org > > User Support Mailing List > > [EMAIL PROTECTED] > > Automated List Manager > [EMAIL PROTECTED] > > > __ > Do You Yahoo!? > Try FREE Yahoo! Mail - the world's greatest free email! > http://mail.yahoo.com/ > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: IE browser does not disply proper error message if the certificate is expired
Any help from anyone? I need this desperately. Sincerely Shiva --- Shiva Murugesan <[EMAIL PROTECTED]> wrote: > Many thanks jon. The problem occurs in 5.5 and 6.0 > as > well. > I have tried unchecking the "Show friendly error > message", still it is not displaying the correct SSL > message. After unchecking, it started asking twice > to > present the client certificate. After presenting the > client certificate for the second time, it displays > the standard error message. > > Ta > Shiva > > > > --- jon schatz <[EMAIL PROTECTED]> wrote: > > On Mon, 2002-03-04 at 15:50, jon schatz wrote: > > > if you uncheck "Tools -> Internet Options -> > > Advanced -> Show Friendly > > > HTTP error messages", you can get more useful > > info. Unfortunately, the > > > default is to show the same error message for > > everything. You'll have to > > > change this by hand on your end users' machines > > (or write an ActiveX > > > control to do it for you). > > > > oops. this is on ie 5.5/6.0. i can't speak for ie > > 5.0 personally. so > > ymmv. > > > > -jon > > > > -- > > [EMAIL PROTECTED] || www.divisionbyzero.com > > gpg key: www.divisionbyzero.com/pubkey.asc > > think i have a virus?: > > www.divisionbyzero.com/pgp.html > > "You are in a twisty little maze of Sendmail > rules, > > all confusing." > > > > > ATTACHMENT part 2 application/pgp-signature > name=signature.asc > > > > __ > Do You Yahoo!? > Try FREE Yahoo! Mail - the world's greatest free > email! > http://mail.yahoo.com/ > __ > Apache Interface to OpenSSL (mod_ssl) >www.modssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: IE browser does not disply proper error message if the certificate is expired
Many thanks jon. The problem occurs in 5.5 and 6.0 as well. I have tried unchecking the "Show friendly error message", still it is not displaying the correct SSL message. After unchecking, it started asking twice to present the client certificate. After presenting the client certificate for the second time, it displays the standard error message. Ta Shiva --- jon schatz <[EMAIL PROTECTED]> wrote: > On Mon, 2002-03-04 at 15:50, jon schatz wrote: > > if you uncheck "Tools -> Internet Options -> > Advanced -> Show Friendly > > HTTP error messages", you can get more useful > info. Unfortunately, the > > default is to show the same error message for > everything. You'll have to > > change this by hand on your end users' machines > (or write an ActiveX > > control to do it for you). > > oops. this is on ie 5.5/6.0. i can't speak for ie > 5.0 personally. so > ymmv. > > -jon > > -- > [EMAIL PROTECTED] || www.divisionbyzero.com > gpg key: www.divisionbyzero.com/pubkey.asc > think i have a virus?: > www.divisionbyzero.com/pgp.html > "You are in a twisty little maze of Sendmail rules, > all confusing." > > ATTACHMENT part 2 application/pgp-signature name=signature.asc __ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: IE browser does not disply proper error message if the certificate is expired
Dear folks, In other words, when IE 5.0 is communicating with SSL enabled apache, it does not display whenever there is any valid errrors( alerts ) occurs, such as client certificate expired or revoked. It just displays the misleading error "Page cannot be displayed" DNS errors. Sincerly , Shiva --- Shiva Murugesan <[EMAIL PROTECTED]> wrote: > Hello there, > > I have a apache webserver with the following build > details. > > apache 1.3.17 > modssl 2.8.0 > openssl 0.9.6 > > I have set > SSLVerifyClient require in order to make the > browser > to present a certificate. > > If I present a expired certificate in the NE it > comes > back and says "The server rejected the certificate > as > expired". > > Whereas if I do the same in IE 5.5, it comes up with > the stupid error > "The page cannot be displayed". It also displays > when > I present the revoked certificate as well. > > Could anyone help me to show proper error message in > IE, that is of great help. > > Cheers > Shiva > > > > > __ > Do You Yahoo!? > Yahoo! Sports - sign up for Fantasy Baseball > http://sports.yahoo.com > __ > Apache Interface to OpenSSL (mod_ssl) >www.modssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Sports - sign up for Fantasy Baseball http://sports.yahoo.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
IE browser does not disply proper error message if the certificate is expired
Hello there, I have a apache webserver with the following build details. apache 1.3.17 modssl 2.8.0 openssl 0.9.6 I have set SSLVerifyClient require in order to make the browser to present a certificate. If I present a expired certificate in the NE it comes back and says "The server rejected the certificate as expired". Whereas if I do the same in IE 5.5, it comes up with the stupid error "The page cannot be displayed". It also displays when I present the revoked certificate as well. Could anyone help me to show proper error message in IE, that is of great help. Cheers Shiva __ Do You Yahoo!? Yahoo! Sports - sign up for Fantasy Baseball http://sports.yahoo.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]