On Tue, Apr 25, 2000 at 10:41:33AM -0400, Kirk Benson wrote:
> Hi all,
> 
> I have installed the OpenSA/0.20 Apache/1.3.12 (Win32) mod_ssl/2.6.2
> OpenSSL/0.9.5 load under NT4.  This includes the snake-oil ca and server
> certs.
> 
> For HTTPS testing purposes, I have installed the snake-oil CA as a trusted
> CA.  When I access my site with IE4, I'm informed via a popup dialog that
> the certificate is "expired or not yet valid".  When I select the View
> Certificate option, I see that the expiration date is 10/20/01 6:21:51 PM
> and the effective date is 10/21/99 6:21:51 PM.  Choosing to continue, I am
> able to establish the SSL session.
> 
> My problem is that I am using two test-driver programs that use the
> web-access functionality of IE.  Both of these fail with "communications
> error 12037", meaning the certificate date is invalid or expired.  I have no
> way of overriding the certificate acceptance in these programs.
> 
> Has anyone else seen this problem?  Could it be a Y2K bug in IE4?  The
> modssl document suggests building certs with a script in the root directory
> of the Apache source tree, however OpenSA does not supply this script.
> 
> Any suggestions would be appreciated.
> 
This seems quite strange, as the certs (at least in 2.6.3) will not expire 
before some time in October next year.
You could try examining the certs manually: 
    openssl x509 -in snakeoil-rsa.crt -text -noout
just to make sure that they haven't made a mistake and added some old 
certificates to opensa. You could also try making your own certs according
to the instructions in the manual:
http://www.modssl.org/docs/2.6/ssl_faq.html#ToC24


vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
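
The manual check suggested in the reply, as an added example that is not part of the original thread: it parses the notBefore/notAfter lines that `openssl x509 -noout -dates` prints and classifies the validity window against a clock reading you pass in. The sample text is constructed from the dates quoted in the thread (treating them as GMT is an assumption), and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample: what `openssl x509 -in snakeoil-rsa.crt -noout -dates`
# would print for the dates quoted in the thread (GMT is an assumption).
SAMPLE_DATES = (
    "notBefore=Oct 21 18:21:51 1999 GMT\n"
    "notAfter=Oct 20 18:21:51 2001 GMT\n"
)

OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"


def _to_utc(stamp):
    # OpenSSL pads single-digit days with an extra space ("Oct  1 ..."),
    # so collapse runs of whitespace before parsing.
    normalized = " ".join(stamp.split())
    return datetime.strptime(normalized, OPENSSL_FMT).replace(tzinfo=timezone.utc)


def parse_validity(dates_text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    fields = dict(re.findall(r"^(notBefore|notAfter)=(.+)$", dates_text, re.M))
    if set(fields) != {"notBefore", "notAfter"}:
        raise ValueError("need both notBefore= and notAfter= lines")
    return _to_utc(fields["notBefore"]), _to_utc(fields["notAfter"])


def classify(dates_text, now):
    """Classify the certificate window against the clock reading `now`."""
    not_before, not_after = parse_validity(dates_text)
    if not_before >= not_after:
        return "malformed window"
    if now < not_before:
        return "not yet valid"
    if now > not_after:
        return "expired"
    return "valid"


if __name__ == "__main__":
    # Clock readings to test: the original post's timestamp in UTC, plus one
    # reading on each side of the window (all constructed).
    for now in (datetime(2000, 4, 25, 14, 41, 33, tzinfo=timezone.utc),
                datetime(1999, 1, 1, tzinfo=timezone.utc),
                datetime(2001, 10, 21, tzinfo=timezone.utc)):
        print(now.isoformat(), "->", classify(SAMPLE_DATES, now))
```

Pass the clock reading of the machine that rejects the certificate as `now`, since the window is evaluated against the client's clock.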
