On Wed, Mar 16, 2005, Vu Pham wrote: > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Tan Eng Ten > > Sent: Tuesday, March 15, 2005 11:33 PM > > To: openssl-users@openssl.org > > Subject: Re: Field CN and the certificates > > > > Back to your original problem -- You said you were accessing > > the web server by using IE, was that client machine in the > > same private network (as the server)? > > > > Have you tested accessing the web server from another client machine? > > > > Maybe you should start looking from the client-end. > > Yes, I did this on 1 XP/IE on the same local network, 1 XP/IE from outside, > 1 W2k/IE from outside, one Solaris 10 x86/Netscape on VPN network. > > All the IEs show the same error. Netscape on Solaris even shows "You have > attempted to establish a connection with "abc.mydomain.com". However the > security certificate presented belongs to "abc.mydomain.com" .... > > The thing makes me confused is the two host names that the warning displays > are the same. >
Well firstly you can rule out DNS records. To avoid DNS spoofing attacks the only thing that is important is the hostname the browser uses and the server it talks to ultimately. You mentioned using a self signed certificate for the server. This can cause problems. Have you tried it with a root CA and server certificate instead, as created by CA.pl for example? Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
