We have perennial problems with Entrust certificates on the Mac. Make sure you have the entrust chain certificate installed and the MSIE browser match. Here is the relevant ssl config from a <virtualhost>:
SSLEngine on SSLCertificateFile /esn/www/conf/ssl.crt/www2002.crt SSLCertificateKeyFile /esn/www/conf/ssl.key/www2002.key # SSLCACertificatePath /esn/www/conf/ssl.crt/ SSLCertificateChainFile /esn/www/conf/ssl.crt/entrust.crt SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 You'll notice that Mac IE is not listed at all at Entrust's supported browsers page: http://www.entrust.net/tech/browsers/index.htm :( Hope this helps. David -- |> /+\ \| | |> David Croft Infotrek On Mon, 1 Jul 2002, Mark Jeftovic wrote: > > I'm not thinking straight. > > Everything I described below about the unsupported cert is with ENTRUST > certs, not equifax, which is why I posted it here. > > (We used to use equifax, we switched to entrust, I got mixed up) > > So, the ENTRUST cert doesn't work on IE 5.1 on Mac, Netscape 4.7 on > Mac (and pretty well every other browser and platform), works. > > Anyone run into this? > > -mark > > > On Mon, 1 Jul 2002, Mark Jeftovic wrote: > > > > > Seems to be an issue with IE5.1 on Mac. Netscape 4.7 on Mac seems > > to work and cert shows up as Entrust. IE does not, it gets that > > error. > > > > So my guess is with the Entrust buyout of Equifax, there is a missing > > CA somewhere for IE 5.1 on the Mac, everything else works fine, including > > IE5.1 on Windows. > > > > -mark > > > > > I checked the Security preferences for my installation of IE 5.1. There > > are > > > four certs from Equifax. They have various names: > > > "Equifax Security Certificate Authority Equifax US" > > > "Equifax eBusiness CA-1 Equifax Secure Inc. US" > > > Etc. > > > > > > None have expired. > > > > > > My version of IE (5.1.4) is the latest available for Mac OS 8.1 through > > 9.x > > > There is a new V5.2 released, for Mac OS X. > > > > > > I tried contacting your site with my wife's iBook. It is also running > > > OS9.1, > > > with a slightly older version of IE 5.1.3. Got the same result. > > > > > I checked the Security preferences for my installation of IE 5.1. There > > are > > > four certs from Equifax. They have various names: > > > "Equifax Security Certificate Authority Equifax US" > > > "Equifax eBusiness CA-1 Equifax Secure Inc. US" > > > Etc. > > > > > > None have expired. > > > > > > Last experiment - used Netscape 4.7 to connect. Had an old copy sitting > > >on > > > my Mac, though I don't use it anymore. It works, and I am able to logon > > >to > > > easyDNS. I checked the cert being used : it is not from equifax, but > > >from > > > Entrust. Here are the details of the cert when I clicked on "Security" > > >while > > > viewing the easydns page with Netscape. > > > > > > On Mon, 1 Jul 2002, Apu wrote: > > > > > I'm getting the same error using MS IE 5.1 under Mac OS X for your > > > https://members.easydns.com/ site but not for our own site, nor > > > GeoTrust's. > > > > > > Did you install the chained certificate (see "SSLCACertificateFile" in > > > your httpd.conf) on your server? That should eliminate the need for the > > > end-user to have to do anything, except on a few browsers which have a bug > > > that prevents them from accepting the chained certificate. > > > > > > I don't have the specific instructions handy for you but Equifax (and/or > > > GeoTrust) should have sent the instructions -- and the second certificate > > > -- to you when they supplied the certificate for your site. > > > > > > > > > --- > > > Apu <[EMAIL PROTECTED]> > > > Chief Operating Officer > > > NOC Services Corp. > > > www.nocservices.com > > > > > > > > > -- > mark jeftovic > http://www.easydns.com > http://mark.jeftovic.net > >
