Hi there,
On Fri, 9 Feb 2001, David Rees wrote:
> > >Curious, according to the docs, it shouldn't allow those browsers to
> > >connect. Are you using one of the step-up certificates from Verisign?
> >
> > So I'm told by the guy who acquired our certificates from Verisign. How do
> > I tell?
>
> I'm not sure, does anyone else know?
I think it's by the presence of the "Microsoft SGC" extension in the
signed server certificate. If you examine the server certificate in a
modernish IE browser (or simply use "openssl asn1parse") you should be
able to see whether the extension is there. I'm reasonably sure that's
what causes IE browsers to switch to non-standard protocol-breaking
hackery, because I never saw this happen from IE when the server cert
didn't have that extension. My memory is a bit dim on this one though, but
I think that's right.
Cheers,
Geoff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
