Hi Brendon,
this is my Virtual-Host-configuration; I have Apache 1.3.14, mod_ssl 2.7.1
and openssl 0.9.6 running on COL 2.3. It works fine on both browsers
(Netscape 4.7 and MSIE 5.5), even with a dummy-cert.
#### Section 2: Main Server Configuration
#Port: port to which the stand-alone server listens
#Port 80
Port 443
#SSL Support: standard https-port
<IfDefine SSL>
#Listen 80
Listen 443
</IfDefine>
....
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>
<IfModule mod_ssl.c>
#PassPhraseDialog:
SSLPassPhraseDialog builtin
#Inter Process Session Cache
SSLSessionCache dbm:/etc/httpd/logs/ssl_cache
SSLSessionCacheTimeout 300
#Semaphore:inter-process synchronization;
SSLMutex file:/etc/httpd/logs/ssl_mutex
#Pseudo Random Number Generator (PRNG)
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#Logging:.
SSLLog /etc/httpd/logs/ssl_engine_log
#Log Levels none, error, warn, info, trace, debug
SSLLogLevel info
</IfModule>
<IfDefine SSL>
####SSL Virtual Host Context
<VirtualHost _default_:443>
DocumentRoot "/etc/httpd/htdocs"
ServerName server.company.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /etc/httpd/logs/error_log
TransferLog /etc/httpd/logs/access_log
#SSL engine switch
#Enable/Disable SSL
SSLEngine on
#SSLCipherSuite
SSLCipherSuite HIGH:MEDIUM:LOW:EXP:-SSLv2
#allow all ciphers for the initial handshake,
#so export browsers can upgrade via SGC facility
<Directory "/etc/httpd/htdocs">
#but finally deny all browsers which haven't upgraded
#SSLRequire %{SSL_CIPHER_USEKEYSIZE} >=128
</Directory>
#Server certificate
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
#Server Private Key
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
#ServerCertificateChain: .
#SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
#Certificate Authority
#SSLCACertificatePath /etc/httpd/conf/ssl.crt
#SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
#Certificate Revocation Lists (CRL)
#SSLCARevocationPath /etc/httpd/conf/ssl.crl
#SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl
#Client-Authentication
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
#SSLEngine Options
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
#If CGI, uncomment
#<Files ~ "\.(cgi|shtml)$">
# SSLOptions +StdEnvVars
#</Files>
#<Directory "/etc/httpd/cgi-bin">
# SSLOptions +StdEnvVars
#</Directory>
#SSLProtocol Adjustments
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
#Per server Logging
CustomLog /etc/httpd/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
Maybe this is a little help or brings you some new inspirations on your
problem. Good luck!
Elke
Elke Hiendl
Consultant for System and Network Management
iteratec
Gesellschaft für iterative Softwaretechnologien mbH
Inselkammerstraße 4
82008 München-Unterhaching
Phone +49 89 61 45 51 - 35
Fax +49 89 61 45 51 - 10
www http://www.iteratec.de
mailto:[EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
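
An added example, not part of the message above or of mod_ssl: a small Python check of how the SSLCipherSuite line and the commented-out SSLRequire key-size line in this configuration interact. The function names, the sample text and the list of weak classes are assumptions for illustration; the check only tracks class names written literally in the cipher string and ignores container scope.

```python
import re

# Constructed sample: the cipher-related lines of the configuration above.
SAMPLE = """\
SSLCipherSuite HIGH:MEDIUM:LOW:EXP:-SSLv2
<Directory "/etc/httpd/htdocs">
#SSLRequire %{SSL_CIPHER_USEKEYSIZE} >=128
</Directory>
"""

# OpenSSL cipher-string classes that select export-grade, low-strength,
# unencrypted or unauthenticated suites (assumed list for this example).
WEAK = ("EXP", "EXPORT", "LOW", "NULL", "eNULL", "aNULL")


def weak_classes(cipher_string):
    """Weak classes still enabled after reading the string left to right."""
    enabled, killed = [], set()
    for tok in re.split(r"[:, ]+", cipher_string.strip()):
        if not tok:
            continue
        op = tok[0] if tok[0] in "!-+" else ""
        parts = tok[len(op):].split("+")      # "EXP+RSA" is only a subset of EXP
        hits = [p for p in parts if p in WEAK]
        if op == "!" and len(parts) == 1:
            killed.update(hits)               # "!" removes a class for good
        if op in ("!", "-") and len(parts) == 1:
            enabled = [c for c in enabled if c not in hits]
        elif op == "":                        # no prefix adds; "+" only reorders
            enabled += [h for h in hits if h not in enabled and h not in killed]
    return enabled


def audit(conf):
    """Return (weak classes offered in the handshake, enforced minimum key bits)."""
    weak, min_bits = [], None
    for line in conf.splitlines():
        fields = line.split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue                          # commented-out directives have no effect
        name = fields[0].lower()              # directive names are case-insensitive
        arg = fields[1] if len(fields) > 1 else ""
        if name == "sslciphersuite":
            weak = weak_classes(arg)
        elif name == "sslrequire":
            m = re.search(r"SSL_CIPHER_USEKEYSIZE\}\s*>=\s*(\d+)", arg)
            if m:
                min_bits = int(m.group(1))
    return weak, min_bits
```

For the sample, `audit(SAMPLE)` reports LOW and EXP as offered with no minimum key size enforced; with the SSLRequire line uncommented, the second value becomes 128.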