Hi,
We seem to be unable to generate self-signed certificates with OpenSSL that will work with WinXP and the version of IE that comes with it. Can't find anything on the topic in the list archives, the MS site or on google. Anybody have any similar problems, or thoughts? Thanks. - Rod Details: The first server certificate and key below were generated using openssl 0.9.6b and installed in an Apache 1.3.12 server linked with openssl 0.9.6b running on FreeBSD 4.3. Connecting from a Netscape 6.2 browser running on WinXP works fine. Connecting from IE 6.0 on the same WinXP box fails. IE and Netscape running on other versions of Windows and Netscape on other FreeBSD client machines also work fine. In particular, when connecting from IE 6.0, the WinXP system does a reset on the connection after receiving the certificate. (No log entries we can find. Reducing security setting on WinXP to minimum doesn't change the behaviour.) The second certificate and key below was built by generating a cert request via openssl 0.9.6b and then signing this using a Microsoft test CA (that uses a self-signed CA cert). With this second certificate installed on the above server, both IE 6.0 and Netscape 6.2 can connect fine. WinXP was from a current MSDN gold release with the 20 Mb on-line patch applied. -----BEGIN CERTIFICATE----- MIIDZDCCAw6gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBoTELMAkGA1UEBhMCQ0Ex EDAOBgNVBAgTB09udGFyaW8xFDASBgNVBAcTC01pc3Npc3NhdWdhMRMwEQYDVQQK EwpCb3JkZXJ3YXJlMRIwEAYDVQQLEwlEZXZlbG9wZXIxGzAZBgNVBAMTEnNhbGVz LmFjb21wYW55LmNvbTEkMCIGCSqGSIb3DQEJARYVcm9iZXJ0QGJvcmRlcndhcmUu Y29tMB4XDTAxMTEwODAyMDEzM1oXDTAyMTEwODAyMDEzM1owgaExCzAJBgNVBAYT AkNBMRAwDgYDVQQIEwdPbnRhcmlvMRQwEgYDVQQHEwtNaXNzaXNzYXVnYTETMBEG A1UEChMKQm9yZGVyd2FyZTESMBAGA1UECxMJRGV2ZWxvcGVyMRswGQYDVQQDExJz YWxlcy5hY29tcGFueS5jb20xJDAiBgkqhkiG9w0BCQEWFXJvYmVydEBib3JkZXJ3 YXJlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQD1i9RBPUz/8W1hnaStfsmS /km+taEWywUWtWN7XJSH4u2l3G1VW63XkUXB4hMT7sTqlq/YzC+mLKYxnhMNsW7T AgMBAAGjggEtMIIBKTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUyDESJ3vgMfaxUa15m95g r3W8SNIwgc4GA1UdIwSBxjCBw4AU0MmLJGAEuKqZ5gsTdlTruH/5q6mhgaekgaQw gaExCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMRQwEgYDVQQHEwtNaXNz aXNzYXVnYTETMBEGA1UEChMKQm9yZGVyd2FyZTESMBAGA1UECxMJRGV2ZWxvcGVy MRswGQYDVQQDExJzYWxlcy5hY29tcGFueS5jb20xJDAiBgkqhkiG9w0BCQEWFXJv YmVydEBib3JkZXJ3YXJlLmNvbYIBADANBgkqhkiG9w0BAQQFAANBAF6cOV+hQVwb C9uSukvP9nNoJWLyyOkC8y5yklV9yw+t8WEQdKmrtoitwmsMGpCNB8vZnv2WsqM2 FkrjVGB36I4= -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIBOgIBAAJBAPWL1EE9TP/xbWGdpK1+yZL+Sb61oRbLBRa1Y3tclIfi7aXcbVVb rdeRRcHiExPuxOqWr9jML6YspjGeEw2xbtMCAwEAAQJAIRwCue1PJa/jROdh3jcb bSO2w+1v1Ef53q8ExAyexpeyQFA3jiV2MsSTCpn0H4se3R1RN2Wbv7XdWW/iOzpq YQIhAPuYYqMoxkgpUfIvq/0akWEe210DMGwQMu14T6NAsSNxAiEA+dhVNKAGZUwi teMfRCLtrFPhnHQEQFi3je2AgUQTDIMCIETq2RoYcTgTGX9dz57lSC1yZmR0Gy9+ wHSMIER31A4BAiEA6lNFhrfXh8Yif+jmeCcyNn/th6kgG6GZdhmcfqB0JTUCIFao uHb+mmWFj9WwkE/+ETvlvVW9IYRn2XmVixv//Y2W -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFKTCCBNOgAwIBAgIKY7xoHgAAAAAAEjANBgkqhkiG9w0BAQUFADCBmTEjMCEG CSqGSIb3DQEJARYUZm1pbmdAYm9yZGVyd2FyZS5jb20xCzAJBgNVBAYTAkNBMRAw DgYDVQQIEwdPbnRhcmlvMRQwEgYDVQQHEwtNaXNzaXNzYXVnYTEYMBYGA1UEChMP Qm9yZGVyd2FyZSBUZWNoMRIwEAYDVQQLEwlEZXZlbG9wZXIxDzANBgNVBAMTBlRF U1RDQTAeFw0wMTExMDcyMTQ3MTlaFw0wMjExMDcyMTU3MTlaMIGNMSQwIgYJKoZI hvcNAQkBFhVyb2JlcnRAYm9yZGVyd2FyZS5jb20xCzAJBgNVBAYTAkNBMRAwDgYD VQQIEwdPbnRhcmlvMRAwDgYDVQQHEwdUb3JvbnRvMRcwFQYDVQQKEw5BIENvbXBh bnkgSW5jLjEbMBkGA1UEAxMSc2FsZXMuYWNvbXBhbnkuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1926pqz0nnfAlCOX+ZuJNFeyjFXtE/Iq1qjg I6Ti/CF/vxIj2reCtIp8SyKRAcfuSSW0tHxNHok2h2ROXa7p81nOVizzmkQmrJIk S0oceskEU7whCY3m7d1XjI8poX51q5OKvON9cusbqaAH4XKLcf8YEUv6YPeob0Bi OQSHk5SeIzOA5SnpDxsH7Q9JGyViBSWxelBuCl3ttfpoqkR+cZjxxyYVMjSpx2yN 9BiflJAHVWRaoskoLq/bMTVsd4Spe24vqCG1LyC1tJStJ97s3wbcRXksyGBS85tf Ez3nHHk1rEi0yvrFxqt/Ij1O91UyBxT1LZx7oX5amy3lnTdAXQIDAQABo4ICPTCC AjkwHQYDVR0OBBYEFFUrg8iA3FM4r6akiHuOt2dr17yrMIHVBgNVHSMEgc0wgcqA FI3nq+X3QZRe5KSHt6sYIIUXaAkfoYGfpIGcMIGZMSMwIQYJKoZIhvcNAQkBFhRm bWluZ0Bib3JkZXJ3YXJlLmNvbTELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFy aW8xFDASBgNVBAcTC01pc3Npc3NhdWdhMRgwFgYDVQQKEw9Cb3JkZXJ3YXJlIFRl Y2gxEjAQBgNVBAsTCURldmVsb3BlcjEPMA0GA1UEAxMGVEVTVENBghBQmOr7QuRE vEFtIKH3fw0wMH8GA1UdHwR4MHYwOKA2oDSGMmh0dHA6Ly9hdXRob3IuYm9yZGVy d2FyZS5jb20vQ2VydEVucm9sbC9URVNUQ0EuY3JsMDqgOKA2hjRmaWxlOi8vXFxh dXRob3IuYm9yZGVyd2FyZS5jb21cQ2VydEVucm9sbFxURVNUQ0EuY3JsMIG+Bggr BgEFBQcBAQSBsTCBrjBUBggrBgEFBQcwAoZIaHR0cDovL2F1dGhvci5ib3JkZXJ3 YXJlLmNvbS9DZXJ0RW5yb2xsL2F1dGhvci5ib3JkZXJ3YXJlLmNvbV9URVNUQ0Eu Y3J0MFYGCCsGAQUFBzAChkpmaWxlOi8vXFxhdXRob3IuYm9yZGVyd2FyZS5jb21c Q2VydEVucm9sbFxhdXRob3IuYm9yZGVyd2FyZS5jb21fVEVTVENBLmNydDANBgkq hkiG9w0BAQUFAANBALpIfr3cfc085HN8jvG2/6PvZobOPMQiXPOSewLZuD7GbR+i L6GkOeA2uMuVpUGWDIqpUHLHEazgAxYmI4mP1qs= -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA1926pqz0nnfAlCOX+ZuJNFeyjFXtE/Iq1qjgI6Ti/CF/vxIj 2reCtIp8SyKRAcfuSSW0tHxNHok2h2ROXa7p81nOVizzmkQmrJIkS0oceskEU7wh CY3m7d1XjI8poX51q5OKvON9cusbqaAH4XKLcf8YEUv6YPeob0BiOQSHk5SeIzOA 5SnpDxsH7Q9JGyViBSWxelBuCl3ttfpoqkR+cZjxxyYVMjSpx2yN9BiflJAHVWRa oskoLq/bMTVsd4Spe24vqCG1LyC1tJStJ97s3wbcRXksyGBS85tfEz3nHHk1rEi0 yvrFxqt/Ij1O91UyBxT1LZx7oX5amy3lnTdAXQIDAQABAoIBAHitrpFLk52b2P94 Ppf+id/HPzwRNW63LZe/5T5ICdVmbOJGo+C8Qsfnu8DNXD+go+gkujdEXmC52NAs FVtuU8AF7sJicvVFMFG9iajFj9Jc2pxtShLrT7Sezzj3OBDef64h16ftjc5W/aoA mydAQBDEyZGx5hGbooA/gCncDGdF4XAuz66E5Twz41NMpQiSIM+6l9LPqsY3YDJU KuOMFobpmksjdBMvE8myG4FTdattxfFpBjZlC/vIOpGCBZtJ6YlLKeoWKFNF3TC2 iSUVzaqSz4KHTVSjYwBfNXLjVBhC7l+QmadvkIypttmZ5xzKcv9DuSiuSeLcBiNh EdkQTckCgYEA9GGvCpcUIhxtIF1MnAnx5laFUy6+GzMPMyGIDkOiX7fzxhA9j8o/ xmb2kdbwiJboWQBCtzld0Ho90UPoW82BvwtIjVycAbKc87PQB7m3dCit8Fm1GZCJ Luv2AVZJiYUVAwm4qRtWXHBhL7sF+wTG3PDHu/a+AwWeUZyOhMDjsHsCgYEA4iD9 abRjiIenfla7AG5RyMfh9D8U9fBgeUA4LrfqnplyaB8P/aOFqGmoKLmC4CYA4o+q ATaOnJuOJzSb7gMTG0VPYar7ZFo4Q5XH46livxJTF/WcwGtU5nzSOct7kAdHTtUL xJVR0mkDrBLDOObgVipHvhTmlh150XbA4XtJNwcCgYEAoCr5t14nYufwmdqsYESg V4/zV/51uIvxdViPvJGVdViyG+j/ACPVQqqvBgyyn0MQy2xBTab6lq3XoDT6sFhz pgu2JHhDA1XWSl9ahAWzeB1FSxbwe+3gC3G5TU0Ja2leyRvw/FyfcHxzJf5UwB10 XNAuiEICbSacie6q9dUaJcsCgYBPFiyrMJzzHka1SA4lK3BNIaNkMj/ZeFW1coFz zX0wNQivY9XK5ssTSMi4XZFpZcE/e/GAdR1RppIEIkE68DZZflcyGIPN6EPvV05O 0Gop23XWVl+ZaLCL4DICZqlziSgmaRqxiWvRhEr1fqZqm0zwtd7bmyG+dNarLLZu 5hiINwKBgQDArNDI5kpqnZ+zdwaj2tOheq+boy4+zAN6UXZRHwTRadMyzqzJE1tL 43pUexEEQs0yG1Vq//tbX8LZCf59LMqugCYE7SI+yKkvYto3m9p/2UfwngxT+sLN gBADB319tQlXZ9gDaGZ5yMrw8oFqurFHl3eVVV6k6S7s0Gj2F+GkDQ== -----END RSA PRIVATE KEY----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
