Hey,
I had a very similar problem recently, and I found out the following...
Sometimes (not sure what circumstances) IE5 will only present you with a
personal certificate to choose IF the personal certificate is valid, this
means that it must be recognised by the webserver as from a trusted ca, and
be in date.
Try the following.
Point you SSLCACertificateFile directive at the enclosed document, which is
the Bundle of CA's that I used to fix my problem. If you CA that issued your
Personal Cert is not located in the Websevers list of trusted CA's, it WILL
NOT connect.
hope this helps..
Baj
-----Original Message-----
From: Sandipan Gangopadhyay [mailto:[EMAIL PROTECTED]]
Sent: 13 March 2001 11:16
To: [EMAIL PROTECTED]
Subject: Re: Client Certificate Presentation
Thanks for the pointer.
I had put the directory of the ssl.crt (crt store) in the
SSLCACertificatePath originally. Then, I also put the actual common Root CA
crt file name in the SSLCACertificateFile (when Oliver Bode suggested it). I
also looked at the handshake process as suggested by Dr Henson with s_client
and found in the accepted CA list, the DN of this common Root CA (by common,
I mean this root CA has signed both the server and the client certificates).
(I had also installed a Digital ID from UltraSecure and I still get a blank
box when I access THE UltraSecure server !) So, this doesnt seem to be a
problem.
I think we have a case of a broken IE5.5 here (two machines, same IE). (Sad
that I have spent about a week on this.) I have another machine with IE5.01
here, but that is export controlled and also useless for this purpose.
I am trying to figure out how to install a fresh 5.5 over this 5.5 (As
anyone on the MS IE5.5 mailing list knows, uninstall is very buggy and risky
!)
Thanks, everyone for pitching in on this one.
Regards,
Sandipan
----- Original Message -----
From: "Peter Sylvester" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 12, 2001 6:39 PM
Subject: Re: Client Certificate Presentation
> > 3. However, Internet Explorer 5.5 shows a dialogue box saying the server
is
> > requesting Client Authentication and asking me to select a certificate
to
> > use when connecting. The problem is that the list is EMPTY !!! While the
> > certificate and private key are clearly visible in the Options |
Certificate
> > | Personal Section.
> >
> > Does anyone have any idea what is happening ? Anyone face this before ?
Or
> > where I should ask this question ?
> >
> have you put the authority that has signed the client certificate into
> SSLCACertificateFile or SSLCACertificatePath
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
ca-bundle.crt
