Mike,
yesterday I've restarted the webserver and the Thawte Cert works fine.
Netscape 4.7 and MSIE 5.01
use both 128bit encryption. I guess that MSIE didn't use 128bit encryption
during my tests, because
the servername didn't match the common name of the cert.
Anyway.
I've got a test certificate from VeriSign and it works fine for
Apache+mod_ssl. Unfortunately
test certs are not allowed to use 128 bit encryption.
Michael
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 10, 2000 4:03 PM
Subject: Re: SGC with different browsers
>
>
> Michael,
> I believe that Thawte will *offically support* certs for
Apache+Mod_SSL
> wheras if you want to use Verisign you will have to request a certificate
> indicating your server as a Stronghold server, in which case I am not sure
how
> you would stand for support. (Mind you I've learnt more from this mailing
list
> than any paid for support). I have seen a few posts from people running
> Verisign certs on Apache+Mod_SSL so I don't think that there should be any
major
> issues - perhaps someone could confirm the production use of a SGC cert on
> Apache+Mod_SSL?
> The FAQ is good on this subject
> http://www.modssl.org/docs/2.5/ssl_faq.html. The only pitfall to watch out
for
> is the use of an intermediate cert (yes - I fell into the trap).
> Mikey.
>
>
>
>
>
> "Michael Knuemann" <[EMAIL PROTECTED]> on 10/02/2000 08:26:56
>
> Please respond to [EMAIL PROTECTED]
>
> To: [EMAIL PROTECTED]
> cc: (bcc: Mike Innes/Virgin Direct/GB)
>
> Subject: Re: SGC with different browsers
>
>
>
>
>
****************************************************************************
****
>
> Internet communications are not secure. This message is confidential to
the intended addressee. Any copying or distribution of it by anyone without
the addressee's consent may be unlawful. If you are not the intended
addressee, please inform us immediately and then delete this message.
>
> Virgin Direct Personal Financial Service Ltd is regulated by the Personal
Investment Authority for life insurance, pension and unit trust business and
represents only the Virgin Direct marketing group. Registered office:
Discovery House, Whiting Road, Norwich NR4 6EJ, UK. Registered in England
No. 3072766.
>
> The Virgin One account is a secured personal bank account with The Royal
Bank of Scotland plc. It is provided by Virgin Direct Personal Finance Ltd
which is a representative only of Virgin Direct Personal Financial Service
Ltd. Registered office: Waterhouse Square, 138-142 Holborn, London EC1N 2TH,
UK. Registered in England no 3414708.
>
> The Virgin Deposit Account is a personal deposit account with The Royal
Bank of Scotland plc administered by Virgin Direct Personal Financial
Service Ltd.
>
>
****************************************************************************
****
>
----------------------------------------------------------------------------
----
Hi!
Thank you for the advice. I'm relatively new to the certification business.
I was told that Thawte is the only
way to go in case of apache & mod_ssl.
Probably that was wrong.
Michael
>
>
> Hi Michael,
> Thawte only has it's specially tagged SGC CA cert's in Netscape 4.7
and IE
> 5.01
> Verisign is probably your only option if you want to reach a larger target
> audience.
> Or get all your clients to upgrade ;^)
> Mikey
>
> Have a look at the end of
> http://www.thawte.com/certs/server/128bit/contents.html
>
>
>
>
>
> "Michael Knuemann" <[EMAIL PROTECTED]> on 09/02/2000 08:36:11
>
> Please respond to [EMAIL PROTECTED]
>
> To: [EMAIL PROTECTED]
> cc: (bcc: Mike Innes/Virgin Direct/GB)
>
> Subject: SGC with different browsers
>
>
>
>
>
****************************************************************************
****
>
> Internet communications are not secure. This message is confidential to
the intended addressee. Any copying or distribution of it by anyone without
the addressee's consent may be unlawful. If you are not the intended
addressee, please inform us immediately and then delete this message.
>
> Virgin Direct Personal Financial Service Ltd is regulated by the Personal
Investment Authority for life insurance, pension and unit trust business and
represents only the Virgin Direct marketing group. Registered office:
Discovery House, Whiting Road, Norwich NR4 6EJ, UK. Registered in England
No. 3072766.
>
> The Virgin One account is a secured personal bank account with The Royal
Bank of Scotland plc. It is provided by Virgin Direct Personal Finance Ltd
which is a representative only of Virgin Direct Personal Financial Service
Ltd. Registered office: Waterhouse Square, 138-142 Holborn, London EC1N 2TH,
UK. Registered in England no 3414708.
>
> The Virgin Deposit Account is a personal deposit account with The Royal
Bank of Scotland plc administered by Virgin Direct Personal Financial
Service Ltd.
>
>
****************************************************************************
****
>
----------------------------------------------------------------------------
----
Hi!
I'm trying to set up an apache+mod_ssl web server with 128bit session keys.
The cert I use is a
Thawte SuperCert. I've configured the httpd.conf as described in the howto
to use keys of length 128 bit.
I've tested it using netscape 4.61 on linux, netscape 4.7 on NT and internet
explorer 5.00 on NT.
Netscape 4.7 negotiate first EXP-RC4.. with 40 bit key and in the second
step RC4- with 128 bit key.
This is exactly as described in README.GlobalID.
Netscape 4.61 and MSIE do also a second negotiation, but it ends all up at
40 bit.
Does anybody know whats wrong?
IMPACT Business & Technology Consulting GmbH
Theodor-Heusss-Ring 23
D-50668 K�ln
Tel. (49) 221- 937080-0
Fax. (49) 221- 937080-15
e-Mail [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
