Paul Rubin schrieb:
>
> You have to make a link to the intermediate certificate file.
>
> My 'SSLCACertificatesPath' looks as follows:
>
> 58546a39.0 -> VeriSign_Trusted_Network.pem
> 7651b327.0 -> VeriSign_Class_3.pem
>
> However, I think the problem is that 7651b327 is the hash of the old
> Verisign class 3 public primary root that expires 12/31/99. GSID's
> issued after 1/1/99 are signed with a different root. Old browsers
> see the new root and fail to recognize it. I will try to locate the
> new root on verisign.com and install it in the client path. Hopefully
> it is signed by the old root.
You can make two links:
7651b327.0 -> old_VeriSign_Class_3.pem
7651b327.1 -> new_VeriSign_Class_3.pem
Thus both are accessible. But I'm not fully sure wether SSLeay/OpenSSL
will actually check both which is the suitable one for *sending*
out. With SSLeay 0.6.x it was at least possible to have 2 different
certs with the same subject and the correct one was used for
*verification*. It might be worth a try.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 Erfurt WWW.SmartRing.de
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
