Hi !
I am facing a problem while configuring Global server
certificate - SGC support !
1> I got a verisign Global Serv ID(for SGC) : gsid.crt
2> specified the gsid.crt under SSLCertificateFile
3> specified the key file
4> Got the intermediate verisign CA root(gsid_ca.crt)
and specified the same under
SSLCertificateChainFile.
5> started apache: apachectl startssl
I installed 4.08 netscape browser with SCG support.
Selected the cipher - "RC4 encryption with a 128-bit
key and an MD5 MAC (When permitted)" ! I unselected
every other cipher from the browser.i expected a
step-up. The browser gave an error when connecting to
apache server.
"You cannot connect to an encrypted website because
SSL has been disabled. you can enable SSL from
security->navigator option...etc"
Whereas if i select a cipher "RC4 encryption with a
40-bit key and an MD5 MAC" then the connection goes
thru fine. This means still the stepup doesnt work!
The ssl_engine_log file says...
...
OpenSSL: read 0/7 bytes from BIO#00159AF0
[mem:00175048] (BIO dump follows)
+-------------------------------------------+
+-------------------------------------------+
Spurious SSL handshake interrupt[Hint: Usually one of
those OpenSSL confusions]
The verisign customer support says "install
Intermediate Cert first and then
the SGC(Globas server) cert later.." but i could not
understand how you can do that..afterall, if i dont
specify the SSLcertificateFile when the
SSLEngine is ON i wont be able to start the server at
all.
Can someone help me on this ?
Thanks a lot
Vijay
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]