On MSIE client side certificate, I ahve the same problem. My certificate
can be used to sign emails (outlook express). But when requested from IE,
the dialog box shows nothing. Several things may go wrong:
1. MS bug. (I hope they confirm it if it is)
2. DN may have to match the user name? (I mean the login user name)
3. Cert type (or flag) incorrect.
I have not confirmed any of the issues yet. Still experimenting. Anyboy has
answers, I like to know.
-----Original Message-----
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Saturday, October 31, 1998 11:04 AM
Subject: Re: MSIE and SSL connection using client certificates
>On Fri, Oct 16, 1998, Haewon Lee wrote:
>
>> I've installed "SSLeay-0.9.0b" and "mod_ssl-2.0.13-1.3.3.tar.gz" in my RH
>> Linux machine. Everything is working fine but one problem. I setup my
own
>> certificate authority named "CBNU CA" using SSleay. I installed
>> certificates for a server and clients issued by "CBNU CA" and setup the
web
>> server so that it accepts only certificates issued by "CBNU CA". I
wanted
>> to make an SSL connect using client certificates.
>>[..]
>> Documents in the virtual host with port number 8443 should be accessed
only
>> using client certificates. For Netscape Navigator this is ok. But for
MSIE
>> (4.01) , regardless of having required certificates, msie establishes an
SSL
>> connection not using client certificates. ( If I try to access the
virtual
>> host with port number 8443 first, I failed. But after I access the
virtual
>> host with port number 443, I can access the one with port number 8443.
The
>> last one is a SSL connection but does not use client certificates.) If
this
>> is true, apache server with mod_ssl would have a security problem.
>>
>> As a result I never succeeded in making an SSL connection using client
>> certificate with MSIE.
>
>Just to inform you that your request is not ignored: I've no clue what's
going
>wrong with MSIE and I currently cannot test it myself (the MSIE
installation
>on my NT box totally screwed up just before ApacheCon). When I find time
I'll
>reinstall MSIE and try it out myself. In the meantime I hope someone other
>shares his experiences with MSIE and mod_ssl. Is there anything to say?
Has
>nobody success in using MSIE? Or only problems when client certs are used?
>Please share your experience.
> Ralf S. Engelschall
> [EMAIL PROTECTED]
> www.engelschall.com
>______________________________________________________________________
>Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
>Official Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
