Hello,
I have just started looking into VeriSign Global ID's in
the last week, so I am still a very long way from being an
expert.
But one thing I've learned is that Global ID's apparently
enable 128 bit encryption only in Netscape 4.02 and MSIE
4.01 and later. Here is a URL for a server with a VeriSign
Global ID. You might try accessing this with your browser.
https://enigma.barclaycard.co.uk/
This worked for me with an export version of Netscape 4.05.
But when I tried this with a Netscape 3.x export browser, I
got a nice error screen from BarclayCard suggesting I
download an up-to-date browser:-)
I don't have a clue what means "Intermediate CA". This is
just my novice $0.02.
Enjoy your weekend.
--------------------------
Ed Kubaitis - [EMAIL PROTECTED]
CCSO - University of Illinois at Urbana-Champaign
"Ralf S. Engelschall" wrote:
>
> On Fri, Apr 09, 1999, Lyndon Nerenberg wrote:
>
> > According to README.GlobalID, mod_ssl should work with a Verisign
> > GlobalID certificate. The examples don't show how to do it with the
> > real thing, though. Specifically, where does the Intermediate CA
> > Certificate fit into things? This seems to be necessary to get the
> > browsers to recognize the "VeriSign International Server CA - Class 3"
> > that signs the GlobalID certs.
> >
> > Has anyone actually made this work? If not, are there plans to? Or
> > references to show what would have to be changed in apache/mod_ssl to
> > get this working?
>
> First, I'm sure you don't have to change anything in mod_ssl to make it
> working. Second, the intermediate CA is just a matter for the client and not
> for mod_ssl. For mod_ssl the Global ID cert is nothing more than a standard
> cert. It just has some additional X.509v3 extensions. So you've to add it to
> the client to let it recognize it. Or you can add the CA cert to the
> SSLCACertificatePath and let mod_ssl pick it up there while sending the server
> cert chain. BTW, the reason why the README.GlobalID doesn't talk about a real
> cert situation is because I cannot afford a real cert myself. So I was only
> able to emulate it by creating a similar cert and patching Netscape.
>
> Ralf S. Engelschall
> [EMAIL PROTECTED]
> www.engelschall.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
