I think I understand this. What it looks like to me is that IE gets a
pointer to a revocation list and checks the cert against it.
Unfortunately on NT or 98, if you don't have this checked and IE gets a
pointer to a revocation list, it fails. If it is checked, it appears to
just check the list and accepts the cert without caring if the cn even
matches the server domain - bad.
My main problem still remains. Is there a way I can solve this from the
server side without calling every web surfer in the world and telling
them to check that stupid box?
TIA
L
Greg Stark wrote:
>
> IE will first try to make a connection, go through the handshake, then CLOSE
> the connection if it detects a problem with the certificate (or if the
> server asks the client to authenticate). It then prompts the user for the ok
> to go ahead (or prompts the user to choose a certificate to authenticate to
> the server with in the case of client auth), and redoes the SSL
> handshaking.
>
> Greg Stark, [EMAIL PROTECTED]
> Ethentica, Inc.
> www.ethentica.com
>
> ----- Original Message -----
> From: "Louis LeBlanc" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, January 12, 2001 3:06 PM
> Subject: Re: Maddening problem with IE on NT or 98
>
> > Wait a minute! I just tried the server revocation suggestion, and it
> > seems to work. I guess I owe you an apology for a hasty reply.
> >
> > Here is what I don't understand:
> >
> > Why is this causing trouble if the cert is not expired?
> >
> > How can I fix this from the server side without requiring that all the
> > surfers in the world configure their browsers?
> >
> > Thanks a million!
> > Lou
> >
> > "Wallace, William" wrote:
> > >
> > > Are you using an SGC certificate? If so and the address you're using in
> > > the browser doesn't match that in the certificate then IE will do exactly
> > > what you've described. Recent versions let you work around it by checking
> > > "Check for server certificate revocation" in the advanced security
> > > settings.
> > >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
--
Louis LeBlanc
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
[EMAIL PROTECTED]
http://acadia.ne.mediaone.net