IE can have problems with Verisign global certs if the host name you're
using in the URL doesn't match the site name in the certificate. When this
occurs you get the misleading "Server Not Found..." error.
Although not a practical solution, you can make IE work by checking "Check
for server certificate revocation" in the browser settings.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 13, 2001 11:38 AM
> To: [EMAIL PROTECTED]
> Subject: IE Connectivity Issue
>
>
>
> Hi ,
> I have been following the list closely for the IE related
> issues which
> give "Server not found / DNS Error" but could not find an
> answer for the
> problem I have.
> I have Apache 1.3.14 with OpenSSL - v 0.9.6 and modSSL 2.7.2
> running on a
> Win2000 m/c with a Verisign Global certificate installed.
>
> The application gets the dreaded - "The page can not be displayed
> ......Server not found or DNS error " when I try to access
> the "https"
> page over the dial up connectivity. This problem too does not
> happen with
> all the dial up connections. I have seen the problem when I tried to
> access using Compuserve and MSN.
>
> I have been trying to find an answer for this problem for a
> few months now
> but have no clue on what the approach should be. The problem
> is that there
> is NO entry for the failed access on the apache log files. I
> am not able to
> identify whether this is a network issue or an apache
> configuration issue.
>
> Here's the SSL connectivity configuration piece from my
> Httpd.conf file.
>
> Thanks,
> Rajaram.
>
> ------------- ----------- ----------- ------------ ----------
> ------------
> ----------- --------- -------------
> <IfModule mod_setenvif.c>
>
> #
> # The following directives modify normal HTTP response behavior.
> # The first directive disables keepalive for Netscape 2.x
> and browsers
> that
> # spoof it. There are known problems with these browser
> implementations.
> # The second directive is for Microsoft Internet Explorer 4.0b2
> # which has a broken HTTP/1.1 implementation and does not properly
> # support keepalive when it is used on 301 or 302
> (redirect) responses.
> #
> BrowserMatch "Mozilla/2" nokeepalive
> #BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0
> force-response-1.0
> #BrowserMatch "MSIE 4\.0;" nokeepalive downgrade-1.0
> force-response-1.0
> #BrowserMatch "MSIE 5\.0;" nokeepalive downgrade-1.0
> force-response-1.0
> #
> # The following directive disables HTTP/1.1 responses to
> browsers which
> # are in violation of the HTTP/1.0 spec by not being able
> to grok a
> # basic 1.1 response.
> #
> BrowserMatch "RealPlayer 4\.0" force-response-1.0
> BrowserMatch "Java/1\.0" force-response-1.0
> BrowserMatch "JDK/1\.0" force-response-1.0
>
> </IfModule>
>
> JkMount /*.jsp ajp13
> JkMount /servlet/* ajp13
> JkMount /otherworker/*.jsp remoteworker
>
> SSLMutex sem
> SSLRandomSeed startup builtin
> SSLSessionCache dbm:/sslcache
> SSLSessionCacheTimeout 300
>
> SSLLog logs/SSL.log
> SSLVerifyClient 0
> SSLVerifyDepth 10
> SSLOptions +FakeBasicAuth
> SSLLogLevel error
> # ##Addition Complete
>
> # You can later change "info" to "warn" if everything is OK
>
> <VirtualHost dcntws01.newpower.com:443>
> SSLEngine On
> SSLCertificateFile conf/ssl/dcntws01.newpower.com.cert
> SSLCertificateKeyFile conf/ssl/dcntws01.newpower.com.key
> #Added on 04092001 by Rajaram.
> SSLCACertificateFile conf/ssl/dcntws01gsid.cert
>
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> downgrade-1.0 force-response-1.0
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> </VirtualHost>
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
