RE: Urgent problem with apache/modssl and IE(?) clients.

Tue, 17 Oct 2000 06:16:44 -0700 

Does the address you're using to access the site match the site name in the
certificate? IE chokes with some SGC certificates if it doesn't. You can
turn off this behavior in IE by checking "Check for server certificate
revocation" in the advanced security settings.

> -----Original Message-----
> From: Priit Randla [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 17, 2000 4:25 AM
> To: [EMAIL PROTECTED]
> Subject: Urgent problem with apache/modssl and IE(?) clients.
> 
> 
> 
> 
>     Hello fellow modssl users.
>  
>     We are using apache1.3.12/modssl2.6.4/openssl0.9.5a on a linux/x86
> box.
>   We are having quite nasty problems with some browsers.
>   Specifically, 56bit W2000 IE 5.01 does not work with SGC 
> certificate. 
>   Yes, i know what FAQ says, but SSLCiphersuite  ...!EXP56... does not
> make any
>   difference. But there are other browsers that cannot connect even to
> non-SGC using
>   server. So far these have been old W95 boxen.
>   
>   These are errors i'm seeing in error_log:
> 
>   Server using Verisign signet cert with Netscape SGC set: 
>  
> [Tue Oct 17 09:57:23 2000] [error] mod_ssl: SSL error on reading data
> (OpenSSL library error follows)
> [Tue Oct 17 09:57:23 2000] [error] OpenSSL:
> error:140940E5:SSLroutines:SSL3_READ_BYTES:ssl handshake failure
> 
> [Tue Oct 17 09:57:46 2000] [error] mod_ssl: SSL handshake 
> interrupted by
> system [Hint: Stop button p
> ressed in browser?!] (System error follows)
> [Tue Oct 17 10:57:46 2000] [error] System: Connection reset by peer
> (errno: 104)
> (Lots of them).
> 
>   Server using regular Verisign cert:
> 
> [Tue Oct 17 10:07:52 2000] [error] mod_ssl: SSL handshake 
> failed (server
> www.eyp.ee:443, client ......  (OpenSSL library error follows)
> [Tue Oct 17 10:07:52 2000] [error] OpenSSL:
> error:14094412:SSLroutines:SSL3_READ_BYTES:sslv3 alert 
> bad certificate [Hint: Subject CN in certificate not server name or
> identical to CA!?]
> (Lots of them).
> 
> 
> Thanks in advance,
> Priit Randla
> [EMAIL PROTECTED]
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to