Re: Verisign CA cert problem
--On Wednesday, May 19, 2004 10:50:44 AM -0700 Christopher McCrory <[EMAIL PROTECTED]> wrote: On Wed, 2004-05-19 at 09:46, Bill MacAllister wrote: Hello, I am having problems with a brand new Verisign 128 bit certificate that has just be purchased. I have installed the certificate and the intermediate CA cert on an Apache 1.3.31/mod_ssl 2.8.17/openssl 0.9.7d instance. Did you get a new intermediate cert (intermediate.crt) from Verisign also? This also goes in the apache config. directions somewhere on verisigns site. Yes. The only certificate that has ever been on my servers is the new CA cert. Actually there are multiple references on the Versign site: http://www.verisign.com/support/install/apache/v00Mod.html#global http://www.verisign.com/support/site/caReplacement.html Of course, while both describe the same issue they suggest slightly different Apache directives. Respectively the two suggestions are: SSLCertificateFile /etc/ssl/crt/public.crt SSLCertificateKeyFile /etc/ssl/crt/private.key SSLCertificateChainFile /etc/ssl/crt/intermediate.crt and SSLCACertificateFile /etc/ssl/crt/intermediate.crt I have tried both and neither method works for IE. Bill What I am seeing is the Netscape and Mozilla connect to the site just fine. When I connect to the site with IE 6 the security window pops up telling be that the certificate has either expired or is not valid yet. When I look at the certificate the intermediate CA cert that IE is using is the expired cert that was installed with IE. I tried removing the old intermediate CA cert from IE altogether and it still will not load the intermediate CA cert from my server. I am not really sure what to try at this point. Oh, yes, Verisign support has been pretty much useless. Help suggestions will be greatly appreciated. Bill +--- | Bill MacAllister | 14219 Auburn Road | Grass Valley, CA 95949 | 530-272-8555 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Christopher McCrory "The guy that keeps the servers running" [EMAIL PROTECTED] http://www.pricegrabber.com Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] +--- | Bill MacAllister | 14219 Auburn Road | Grass Valley, CA 95949 | 530-272-8555 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Verisign CA cert problem
On Wed, 2004-05-19 at 09:46, Bill MacAllister wrote: > Hello, > > I am having problems with a brand new Verisign 128 bit certificate that has > just be purchased. I have installed the certificate and the intermediate > CA cert on an Apache 1.3.31/mod_ssl 2.8.17/openssl 0.9.7d instance. > Did you get a new intermediate cert (intermediate.crt) from Verisign also? This also goes in the apache config. directions somewhere on verisigns site. > What I am seeing is the Netscape and Mozilla connect to the site just fine. > When I connect to the site with IE 6 the security window pops up telling be > that the certificate has either expired or is not valid yet. When I look > at the certificate the intermediate CA cert that IE is using is the expired > cert that was installed with IE. I tried removing the old intermediate CA > cert from IE altogether and it still will not load the intermediate CA cert > from my server. > > I am not really sure what to try at this point. Oh, yes, Verisign support > has been pretty much useless. > > Help suggestions will be greatly appreciated. > > Bill > > +--- > | Bill MacAllister > | 14219 Auburn Road > | Grass Valley, CA 95949 > | 530-272-8555 > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] -- Christopher McCrory "The guy that keeps the servers running" [EMAIL PROTECTED] http://www.pricegrabber.com Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Verisign CA cert problem
I am away on paternity leave for the next few days. Please contact OLSU if urgent, otherwise i will get back to you as soon as possible on my return. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Verisign CA cert problem
Hello, I am having problems with a brand new Verisign 128 bit certificate that has just be purchased. I have installed the certificate and the intermediate CA cert on an Apache 1.3.31/mod_ssl 2.8.17/openssl 0.9.7d instance. What I am seeing is the Netscape and Mozilla connect to the site just fine. When I connect to the site with IE 6 the security window pops up telling be that the certificate has either expired or is not valid yet. When I look at the certificate the intermediate CA cert that IE is using is the expired cert that was installed with IE. I tried removing the old intermediate CA cert from IE altogether and it still will not load the intermediate CA cert from my server. I am not really sure what to try at this point. Oh, yes, Verisign support has been pretty much useless. Help suggestions will be greatly appreciated. Bill +--- | Bill MacAllister | 14219 Auburn Road | Grass Valley, CA 95949 | 530-272-8555 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
