On Thu, Oct 14, 1999, Anil A . Pal wrote:
> We were able to follow the instructions in README.GlobalID and get
> step-up encryption with our own certificate authority.
>
> Now, with the actual VeriSign certificate, we are seeing some
> browsers accept the certificate and step-up correctly, whereas
> others do not.
>
> However, some of the browsers that do not recognize our certificate,
> *will* accept the certificate from
>
> https://enigma.barclaycard.co.uk
Sounds like a browser issue related to the fact that
Versign's GIDs use an intermediate CA. You should have
received this CA cert, too.
> [...]
> > "Or you can add the CA cert to the
> > SSLCACertificatePath and let mod_ssl pick it up there while sending the server
> > cert chain.
>
> Could someone clarify whether this is just for the self-signed CA
> certificate, or is it true for a VeriSign certificate also? if
> so, what CA cert is it that we should add?
For GIDs you should use the newer SSLCertificateChain directive to configure
the whole CA chain, including the intermediate CA Versign uses. The browser
has to know the whole chain.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
