On Fri, 10 Apr 1998, Giovanni Tomassini wrote:
> Why? I have 2 CA: the one made with SSLeay and one made with Certificate
> Server by Microsoft. I create Certificates that are installed both on
> Netscape and Microsoft browsers, and i have an apache-ssl server and a IIS 4
> server both with their "respective" server certificate and IIS4 authenticate
> the SSLeay client certificates while apache shut down the connection with
> IE401and any client certificate, but accept Netscape client certificate made
> both with SSLeay or MS Certificate Server. Damn!
not really true......... do this.....
find in apache_ssl.c until you reach:
#if SSLEAY_VERSION_NUMBER >= 0x0800
SSL_CTX_set_tmp_rsa_callback(pConfig->pSSLCtx,TmpRSACallback);
#endif
and change it to:
#if SSLEAY_VERSION_NUMBER >= 0x0800
SSL_CTX_set_tmp_rsa_callback(pConfig->pSSLCtx,TmpRSACallback);
SSL_CTX_set_client_CA_list(pConfig->pSSLCtx,SSL_load_client_CA_file(pConfig->szC
ACertificateFile));
#endif
this force apache to send the ca list to MSIE and the user will be
prompted for the certificate selection....
recompile.... it and set the right path for the CAcertificate file in the
configuration... (otherwise this will not work)
...but MSIE have other other surprises for you!... enjoy!
> Obviously Netscape and Microsoft both accept the CA certificates made both
> with SSLeay or MS Certificate Server....
>
> Shortly, i have tried every combination of CA, Server and Client
> Certificates, Browser Web, Server Web and software for CA (SSLeay and MS
> Certificate Server), and the only problem is IE401 with Apache-SSL.
>
> I think it's a IE401 problem with Apache-SSL.
>
> Thank You for responding
>
> Dott. Giovanni Tomassini
> Infogroup S.p.A.
> Via delle Panche, 140
> 50141 Florence - Italy
> Tel.: +39-55-43645621
> Fax: +39-55-4365735
> -----Original Message-----
> From: James Smallacombe <[EMAIL PROTECTED]>
> To: Giovanni Tomassini <[EMAIL PROTECTED]>
> Cc: SSL-USERS <[EMAIL PROTECTED]>
> Date: venerd� 10 aprile 1998 15.30
> Subject: Re: [ssl-users] Microsoft IE4.01 doesn't work with Apache -SSL
>
>
> >On Fri, 10 Apr 1998, Giovanni Tomassini wrote:
> >
> >
> > [NON-Text Body part not included]
> >
> >You need to get a Thawte Certificate...
> >
> >James Smallacombe Internet Access for Bucks County
> >[EMAIL PROTECTED] And Philadelphia, PA.
> >PlantageNet Internet Ltd. http://www.pil.net
> >"I'll plant Plantagenet, root him up who dares." 3Henry VI, I,i
> >For PGP public key: http://www.pil.net/~james/mypubkey.txt
> >
> >
>
//)
//\emo.
Remo Tabanelli [EMAIL PROTECTED]
-or-
[EMAIL PROTECTED]
===========================================
In a world without walls, who needs Gates ?
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
