]
cc:
Subject:Re: SSLCertificateChain
file for Intermediate CA
[EMAIL PROTECTED] wrote:
Hi Damon,
Could you please put in the corrected part of your httpd.conf file - all
the directives that are relavant to SSL connections.
OK, this is for the site https://www.motorweb.co.nz.. Try it and you may
I say.
First off, I'm using a Verisign Global ID
Without going through mod_ssl's source: did you try to put the complete
chain into the ChainFile?
Tried this, but it didn't make any difference.
With respect to the error message, mod_ssl can write more messages
than that into e.g. an ssl_engine_log. Did you check all possible
logfiles?
On Sun, 20 May 2001, Damon Maria wrote:
One thing I haven't mentioned previously is that I'm running Apache
1.3.12 and mod_ssl 2.6. But I presume there shouldn't be a problem with
either of these versions.
Well... Can't hurt to upgrade, can it? I'm running Apache 1.3.19 with
mod_ssl
Juha Saarinen wrote:
On Sun, 20 May 2001, Damon Maria wrote:
One thing I haven't mentioned previously is that I'm running Apache
1.3.12 and mod_ssl 2.6. But I presume there shouldn't be a problem with
either of these versions.
Well... Can't hurt to upgrade, can it? I'm running
On Fri, May 18, 2001 at 11:58:02AM +1200, Damon Maria wrote:
Since I haven't gotten too much of a response yet (expect for thanks to
Juha) I'll post my VirtualHost in httpd.conf, which I probably should
have done in the first place.
If I uncomment the SSLCertificateChainFile line then the
Sie der ausstellenden Institution vertrauen möchten.
-Ursprüngliche Nachricht-
Von: Lutz Jaenicke [SMTP:[EMAIL PROTECTED]]
Gesendet am: Freitag, 18. Mai 2001 10:50
An: [EMAIL PROTECTED]
Betreff: Re: SSLCertificateChain file for Intermediate CA
On Fri, May 18, 2001 at 11:58
On Fri, May 18, 2001 at 01:21:31PM +0200, Henning von Bargen wrote:
Lutz, when I try to access your site
with Internet Explorer 5.5,
IE tells me that it cannot verify the certificate.
German error message is:
Das Zertifikat wurde von einer Firma ausgestellt,
die Sie nicht als
I presume you're not trying to explicitly construct the server certificate
chain that is being sent to the browser, together with the actual server
cert?
This is what I'm trying to do. I'm trying to send all the certificates
in the chain (expect the root) to the browser. This includes my
\
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
Original Message
Subject: SSLCertificateChain file for Intermediate CA
Date: Thu, 17 May 2001 15:47:46 +1200
From: Damon Maria [EMAIL PROTECTED
:: Since I haven't gotten too much of a response yet (expect for thanks to
:: Juha) I'll post my VirtualHost in httpd.conf, which I probably should
:: have done in the first place.
::
:: If I uncomment the SSLCertificateChainFile line then the following
:: appears in the log and apache won't
Juha Saarinen wrote:
Stupid suggestion, perhaps, but can Apache read the CA file? Are the
permissions OK?
Good suggestion, but the permissions are OK (identical to server.crt).
thanks again,
Damon.
__
Apache Interface to
I'm using a Verisign Global ID and therefore need to configure modssl to
serve up the Intermediate CA. I've followed the various instructions
I've found for this but with no success.
I downloaded the Intermediate CA and saved it under intermediate_ca.crt
(I've listed it at the bottom of this
:: To: [EMAIL PROTECTED]
:: Subject: SSLCertificateChain file for Intermediate CA
::
::
:: I'm using a Verisign Global ID and therefore need to configure modssl to
:: serve up the Intermediate CA. I've followed the various instructions
:: I've found for this but with no success.
::
:: I downloaded
first :)
:: -Original Message-
:: From: [EMAIL PROTECTED]
:: [mailto:[EMAIL PROTECTED]]On Behalf Of Damon Maria
:: Sent: Thursday, 17 May 2001 15:48
:: To: [EMAIL PROTECTED]
:: Subject: SSLCertificateChain file for Intermediate CA
::
::
:: I'm using a Verisign Global ID
:: Did you use IE? That seems to work fine (I guess it comes with the
:: Intermediate CA), Netscape and Opera both barf on it tho'.
Yes, IE 5.5; Konqueror 2.1.1 works too.
:: Wait until you try it in NS first :)
Nutscrape 4.76 says it does not recognize the authority who [sic] signed
its [sic]
16 matches
Mail list logo