For your information before you stumble over this pitfall:
Because in mod_ssl 2.0.13 now the Snake Oil CA Certificate is a X.509 v3
certificate with the CA flag and nsCertType set correctly, the "make
certificate TYPE=dummy" is problematic (at least Netscape doesn't accept the
certificate). The reason is just that Netscape doesn't accept a CA certificate
as a server certificate, of course.
So, don't use "make certificate TYPE=dummy" in 2.0.13 not even for testing
purposes (for real production machines one doesn't use this anyway). Use the
other three variants instead, especially just "make certificate" (which is
TYPE=test). These all work fine. Just keep in mind that TYPE=dummy
certificates are not accepted by all browsers.
I'll fix this after ApacheCon by adding a pre-generated dummy server
certificate into the distribution.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
