We are using self signed certificates on our Apache server. Previously we were able to use the
SSLCACertificateFile /conf/apache/trustroots.ber or SSLCertificateChainFile /conf/apache/chain.ber directives to push the chain of certifiers to IE without IE complaining. It would read the chain that was pushed with the certificate and the session would continue. For the past 6 to 8 months or so Internet Explorer has been throwing security warnings saying ... "The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority." I know this is not a modssl issue. The directives used to work, and still do. If you leave the directive out of the httpd.conf file, the browser does not show a certificate chain. With either directive, the browser will display the complete chain. I realize that installing the signing CA into IE's (and Mozilla's for that matter) CA store will resolve the issue, but that's incredibly difficult to do across many enterprises. I suspect that this is an "Anti-Phishing" security change in IE but cannot find anything related on the web. I have been googling and cannot find anybody experiencing an issue similar to this. Has anybody on this list seen anything akin to this? BJ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]
