In order for the stepup to work, you have to allow 40-bit encryption so it
can figure out that it needs to step it up.

Regards,

-Mat

---
Mat Butler, Winged Wolf                       <[EMAIL PROTECTED]>
SPASTIC Web Engineer                  SPASTIC Server Administrator
----Begin FurryCode v1.3----
FCWw5amrsw A- C+ D H+++ M+++++[servercoder] P+ R++ T+++ W Z++ Sm++ 
RLCT/M*/LW* a cl/u/v++++>+++++ !d e- f>++++ h++ iwf+++ j p->+ sm++
----End FurryCode v1.3----


On Mon, 6 Mar 2000, vijay karthik wrote:

> Hi !
> 
> I am facing a problem while configuring Global server
> certificate - SGC support !
> 
> 1> I got a verisign Global Serv ID(for SGC) : gsid.crt
> 2> specified the gsid.crt under SSLCertificateFile
> 3> specified the key file
> 4> Got the intermediate verisign CA root(gsid_ca.crt) 
>   and specified the same under
> SSLCertificateChainFile.
> 5> started apache: apachectl startssl
> 
> I installed 4.08 netscape browser with SCG support.
> Selected the cipher - "RC4 encryption with a 128-bit
> key and an MD5 MAC (When permitted)" ! I unselected
> every other cipher from the browser.i expected a
> step-up. The browser gave an error when connecting to
> apache server.
> 
> "You cannot connect to an encrypted website because
> SSL has  been disabled. you can enable SSL from
> security->navigator option...etc"
> 
> Whereas if i select a cipher "RC4 encryption with a
> 40-bit key and an MD5 MAC" then the connection goes
> thru fine. This means still the stepup doesnt work!
> 
> The ssl_engine_log file says...
> ...
> OpenSSL: read 0/7 bytes from BIO#00159AF0
> [mem:00175048] (BIO dump follows)
> +-------------------------------------------+
> +-------------------------------------------+
> Spurious SSL handshake interrupt[Hint: Usually one of
> those OpenSSL confusions]
> 
> The verisign customer support says "install
> Intermediate Cert first and then
> the SGC(Globas server) cert later.." but i could not
> understand how you can do that..afterall, if i dont
> specify the SSLcertificateFile when the 
> SSLEngine is ON i wont be able to start the server at
> all.
> 
> Can someone help me on this ?
> 
> Thanks a lot
> Vijay
> 
> __________________________________________________
> Do You Yahoo!?
> Talk to your friends online with Yahoo! Messenger.
> http://im.yahoo.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to