kloomis wrote:
At 11:31 PM 9/23/2004 -0700, you wrote:
kloomis wrote:
Hello:
I am using SSL with Apache 2.0 to run a "secure" website. The problem I have is that Mac users using Internet Explorer open the site without encryption. They access it via an https:\\ address but they don't get asked to accept a security certificate and the site opens for them. PC users are required to accept the certificate before they get access.
How can I fix this.
It's not clear to me why you think this is a problem. If there is some reason they should be required to accept the security certificate, and they aren't being required to, then it's a problem.
Thanks for your reply.
Yes, they should not be able to access the data without encrypted transmission. Is there a way for me to require it?
We're talking past each other here. I am talking about whether or not they have to accept a security certificate. You are talking about whether or not they must use SSL.
Are you saying that people are able to supply an 'https' URL and connect without using SSL?! That would be a problem.
Yes. That is what is happening.
But this has nothing to do with whether you do or don't have to accept a certificate. Normally you only have to manually accept a certificate if the certificate is deficient in some way.
It's a self signed cert, that's why they have to accept it. I want to restrict users only to access the site via SSL. Do you know how to make that happen?
Ken
