Re: Problem with Global Server ID - SGC

Mon, 6 Mar 2000 17:32:23 -0800 

Thanks to all. it does work fine.

Page Info says,
Security: This is a secure document that uses a
high-grade encryption key for U.S. domestic use only
(RC4, 128 bit).

The page info says 128 bit strong cipher has
been used

Thanks
Vijay

--- Dr Stephen Henson <[EMAIL PROTECTED]> wrote:
> vijay karthik wrote:
> > 
> > Hi !
> > 
> > I am facing a problem while configuring Global
> server
> > certificate - SGC support !
> > 
> > 1> I got a verisign Global Serv ID(for SGC) :
> gsid.crt
> > 2> specified the gsid.crt under SSLCertificateFile
> > 3> specified the key file
> > 4> Got the intermediate verisign CA
> root(gsid_ca.crt)
> >   and specified the same under
> > SSLCertificateChainFile.
> > 5> started apache: apachectl startssl
> > 
> > I installed 4.08 netscape browser with SCG
> support.
> > Selected the cipher - "RC4 encryption with a
> 128-bit
> > key and an MD5 MAC (When permitted)" ! I
> unselected
> > every other cipher from the browser.i expected a
> > step-up. The browser gave an error when connecting
> to
> > apache server.
> > 
> > "You cannot connect to an encrypted website
> because
> > SSL has  been disabled. you can enable SSL from
> > security->navigator option...etc"
> > 
> > Whereas if i select a cipher "RC4 encryption with
> a
> > 40-bit key and an MD5 MAC" then the connection
> goes
> > thru fine. This means still the stepup doesnt
> work!
> > 
> 
> You need an initial weak cipher when using SGC
> because it uses that to
> verify the server certificate. The final cipher
> should be strong if it
> has worked though. What does "page info" give when
> the connection works?
> 
> Steve.
> -- 
> Dr Stephen N. Henson.  
> http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED] 
> Senior crypto engineer, Celo Communications:
> http://www.celocom.com/
> Core developer of the   OpenSSL project:
> http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via
> homepage.
> 
> 
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                   
> [EMAIL PROTECTED]
> Automated List Manager                          
> [EMAIL PROTECTED]
> 
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to