One user reported problem with my https website (which uses apache/mod_ssl), telling that IE7 doesn't trust my CA certificate.
Problem never happened with earilier versions of IE and with any other browsers. Since I don't have Windows machine with IE7 I cannot reproduce problem myself, so I ask here, may be somebody knows what was done wrong. User installs certificate in Windows as usial, by importing it into manually selected trusted root storage. There are two suspicious things about certificate (both applicable to either CA certificate and site certificate) 1. They do not have x509v3 extensions (keyUsage, extendedKeyUsage etc) CA certificate, however, has Basic Constrains CA:TRUE. 2. They use md5WithRSAEncryption signature algorithm CA Certificate in question can be obtained from http://www.wagner.pp.ru/45.free.net.crt Site where problem occurs is https://www.wagner.pp.ru Openssl version used for generation of site certificate and for serving https is 0.9.7e (Debian oldstable). I sincerely do not remember whether same version was used to generate CA certificate or it was done with previous version of Debian (which had 0.9.6 as far as I remember). Thanks in advance, Victor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
