Gidday Damon,
Seems to work OK...
https://www.motorweb.co.nz loads fine, and if I look at the cert, I see:
Issued to: www.motorweb.co.nz
Issued by: www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
[sic]
Valid from: 05/02/01 to 06/02/02
Cert serial is: 74EB B7E7 DB06 D3A7 5401
> Seems to work OK...
Did you use IE? That seems to work fine (I guess it comes with the
Intermediate CA), Netscape and Opera both barf on it tho'.
> https://www.motorweb.co.nz loads fine, and if I look at the cert, I see:
>
> Issued to: www.motorweb.co.nz
>
> Issued by: www.verisign.com/CPS I
:: Did you use IE? That seems to work fine (I guess it comes with the
:: Intermediate CA), Netscape and Opera both barf on it tho'.
Yes, IE 5.5; Konqueror 2.1.1 works too.
:: Wait until you try it in NS first :)
Nutscrape 4.76 says it "does not recognize the authority who [sic] signed
its [sic]
> I presume you're not trying to explicitly construct the server certificate
> chain that is being sent to the browser, together with the actual server
> cert?
This is what I'm trying to do. I'm trying to send all the certificates
in the chain (expect the root) to the browser. This includes my se
Since I haven't gotten too much of a response yet (expect for thanks to
Juha) I'll post my VirtualHost in httpd.conf, which I probably should
have done in the first place.
If I uncomment the SSLCertificateChainFile line then the following
appears in the log and apache won't start...
"[error] mod
:: Since I haven't gotten too much of a response yet (expect for thanks to
:: Juha) I'll post my VirtualHost in httpd.conf, which I probably should
:: have done in the first place.
::
:: If I uncomment the SSLCertificateChainFile line then the following
:: appears in the log and apache won't start
Juha Saarinen wrote:
>
> Stupid suggestion, perhaps, but can Apache read the CA file? Are the
> permissions OK?
Good suggestion, but the permissions are OK (identical to server.crt).
thanks again,
Damon.
__
Apache Interface to
On Fri, May 18, 2001 at 11:58:02AM +1200, Damon Maria wrote:
> Since I haven't gotten too much of a response yet (expect for thanks to
> Juha) I'll post my VirtualHost in httpd.conf, which I probably should
> have done in the first place.
>
> If I uncomment the SSLCertificateChainFile line then t
On Fri, May 18, 2001 at 01:21:31PM +0200, Henning von Bargen wrote:
> Lutz, when I try to access your site
> with Internet Explorer 5.5,
> IE tells me that it cannot verify the certificate.
> German error message is:
> Das Zertifikat wurde von einer Firma ausgestellt,
> die Sie nicht als vertrauen
> Without going through mod_ssl's source: did you try to put the complete
> chain into the ChainFile?
Tried this, but it didn't make any difference.
> With respect to the error message, mod_ssl can write more messages
> than that into e.g. an ssl_engine_log. Did you check all possible
> logfile
On Sun, 20 May 2001, Damon Maria wrote:
> One thing I haven't mentioned previously is that I'm running Apache
> 1.3.12 and mod_ssl 2.6. But I presume there shouldn't be a problem with
> either of these versions.
Well... Can't hurt to upgrade, can it? I'm running Apache 1.3.19 with
mod_ssl 2.8.1-
Juha Saarinen wrote:
>
> On Sun, 20 May 2001, Damon Maria wrote:
>
> > One thing I haven't mentioned previously is that I'm running Apache
> > 1.3.12 and mod_ssl 2.6. But I presume there shouldn't be a problem with
> > either of these versions.
>
> Well... Can't hurt to upgrade, can it? I'm run
On Sun, 20 May 2001, Damon Maria wrote:
> I may as well, I'm running out of other options.
If that fails, there's always Windows... muahahahahaha.
--
Regards,
Juha
PGP fingerprint:
B7E1 CC52 5FCA 9756 B502 10C8 4CD8 B066 12F3 9544
_
On Sun, May 20, 2001 at 02:24:35PM +1200, Damon Maria wrote:
> > With respect to the error message, mod_ssl can write more messages
> > than that into e.g. an ssl_engine_log. Did you check all possible
> > logfiles?
>
> I've checked, even with SSLLogLevel debug I couldn't get anymore out of
> it.
I think I've solved my problem and would just like to post the answer
for someone else's reference.
The offending line is:
SSLProtocol -all +SSLv2
If I take that line out mod_ssl can load the certificate chain. I
presume there's a good reason for this (chains require SSLv3 at a
guess)?
SSLPr
]
cc:
Subject:Re: SSLCertificateChain
file for Intermediate CA
[EMAIL PROTECTED] wrote:
>
> Hi Damon,
>Could you please put in the corrected part of your httpd.conf file - all
> the directives that are relavant to SSL connections.
OK, this is for the site https://www.motorweb.co.nz.. Try it and you may
I say.
First off, I'm using a Verisign Global ID c
17 matches
Mail list logo
