Kirk,
> Has anyone else seen this problem? Could it be a Y2K bug in IE4? The
> modssl document suggests building certs with a script in the root directory
> of the Apache source tree, however OpenSA does not supply this script.
We ran into the same problem. We are using a setup in which a root ca
certifies an intermediate ca which in turn certifies for example end users
(or services). IE 5.x knows the concept of certificate chaining but handles
it quite peculiar. We found that IE only "trusts" certificates whose
validity does not exceed that of the certificate issuer. I can understand
that a certificate issued by a CA can not be valid before the certificate of
the CA became valid. But to limit the validity period of certificates
issued by a CA to the validity period of that CA is really stupid. But IE
works that way... So that's where I would take a peek.
I found you can adjust the trust levels manually in Outlook Express, but
this does not do any good for the Internet exploder *or* Outlook
Express.....the world is a sad place.
Hope it helps.
Jan
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
