On Tue, Jan 19, 1999, Shane Wegner wrote:

> I have set up mod_ssl with Apache 1.3.4 on my web server according to the
> instructions in the INSTALL file.  I used a self-signed key with "make
> certificate TYPE=custom" and it worked in lynx without a problem.  Tests
> in s_client showed a 1024 bit key.  I then fired up the win95 machine and
> tried to access the site using IE4 and it said it couldn't access it
> because the key was signed by an unknown CA.  This is understandable but
> when I went to view certificate, the quality said "40 bit - Low" which
> indicates that the key is low grade.  Strange since s_client said 1024
> bit.  Furthermore, IE had no way to override the unknown CA problem so I
> couldn't connect at all.

The "40 bit" display usually means the grade of the connection and not really
the key. The key is 1024, but I guess you're using an export version of IE, so
you get only an EXP-XXXXX cipher on the SSL handshake. Just look inside the
mod_ssl logfile; the cipher is displayed there.

> What I am wondering is 1) Is that an IE bug or a SSLEAY bug with the
> seemingly different bitrates?

Neither of them. The 40bit quality is caused by the export restrictions built
into your IE, I think. The fact that it doesn't know your CA is another
problem. I have no experience with IE under Win95, so I cannot help you in
getting our CA cert recognized by it.

> 2) Can IE load an https site even if it is signed by an unknown (to it)
> CA?  Sorry if the last question is offtopic for this list but I couldn't
> find anything in the manual or FAQ.

I think IE will not accept connections until you've loaded your CA cert into
IE for correct verification of the server cert.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
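
An added example, not part of the original email or of mod_ssl: one way to do the log check suggested in the reply, flagging clients that negotiated an export-grade (EXP-) cipher regardless of the server's 1024-bit key. It assumes a request log written with the format `"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"`; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumed log layout (not taken from the email): a CustomLog format of
#   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<client>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>[^"]*)" (?P<size>\S+)$'
)

# Constructed sample lines; client addresses are from a documentation range.
SAMPLE_LOG = """\
[19/Jan/1999:10:02:11 +0100] 192.0.2.10 SSLv3 EXP-RC4-MD5 "GET / HTTP/1.0" 1456
[19/Jan/1999:10:03:40 +0100] 192.0.2.22 SSLv3 RC4-MD5 "GET / HTTP/1.0" 1456
[19/Jan/1999:10:05:02 +0100] 192.0.2.10 SSLv2 EXP-RC2-CBC-MD5 "GET /a.html HTTP/1.0" 812
[19/Jan/1999:10:06:15 +0100] 192.0.2.31 SSLv3 DES-CBC3-SHA "GET / HTTP/1.0" 1456
garbage line that does not match
"""

def cipher_grade(cipher):
    """Classify a negotiated cipher by its name; the server key size plays no part."""
    if cipher.startswith("EXP1024-"):
        return "export-56"
    if cipher.startswith("EXP-"):
        return "export-40"
    if cipher in ("-", "NULL") or cipher.startswith("NULL-"):
        return "none"
    return "non-export"

def export_clients(log_text):
    """Return {client: Counter(cipher -> count)} for export-grade handshakes.

    Lines that do not match the assumed format are skipped.
    """
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if cipher_grade(m["cipher"]).startswith("export"):
            hits.setdefault(m["client"], Counter())[m["cipher"]] += 1
    return hits

if __name__ == "__main__":
    for client, ciphers in export_clients(SAMPLE_LOG).items():
        print(client, dict(ciphers))
```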
