Date: Mon, 19 Apr 1999 11:18:48 -0300
From: Alfredo Raul Pena <[EMAIL PROTECTED]>
Yes, I have a production system with a GSID working fine for
at least 3 months. I've placed the intermediate certificate in
a file with all the client certificates, so I'm using
SSLCACertificateFile instead of SSLCACertificatePath. But they
should work both ways... perhaps you forgot hashing the
certificates (ie. creating links to the certificates with the
cert fingerprint). I don't remember how you do it, but I'm
sure you can find it in the mod_ssl manual. And yes, it works
great (although the unoptimized renegotiation forces the user
to present the client cert twice when connecting for the first
time...., but that its about to change!)
Thanks. This is good to hear. I did do the cert hashing thing, and
I'm getting partial success with Netscape browsers now, but still
totally losing with MSIE.
Has your GSID been observed to work with MSIE 4 and 5, or just
Netscape? Is there any chance you could send a URL that I can connect
to?
Also, can you tell me the issue date of your GSID? I'm having some
problems with older browsers and GSID's issued in 1999, since those
are signed by a different Verisign root than GSID's issued earlier;
and the old browsers only have the old roots built in.
Regards
Paul ([EMAIL PROTECTED])
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
