httpd-users mailing list archives

From "Tovo Gianluca" <gianluca.t...@telecomitalia.it>
Subject [users@httpd] RE: Certificate not recognized by browsers
Date Wed, 10 Mar 2004 10:27:45 GMT
Robert,
You are right, but you should check the logs for errors in loading the intermediate certificate.
Are you sure about the integrity of this file? (Look for the first and last row with "---...".)
You should also check the OpenSSL tool; there should be a verbose mode for testing
an SSL connection to a server.

Gianluca Tovo
Telecom Italia Information Technology S.p.A.
OSS&VAS Solutions - IT Security Products & Services
S.S.148 Pontina, Km 29.100 00040 Pomezia (RM)
phone +39 06 91197426
fax +39 06 91197331
mobile  +39 335 5792708


> -----Original Message-----
> Date: Tue, 9 Mar 2004 08:57:53 -0800
> To: users@httpd.apache.org
> From: fjan245@superiorshelving.com
> Subject: Re: [users@httpd] RE: Certificate not recognized by browsers
> Message-Id: <E7ABFD65-71EA-11D8-9680-000393A362A8@superiorshelving.com>
> 
> Salve Gianluca,
> 
> > It seems that you just didn't show your intermediate CA certificate to
> > the server.
> 
>    That's what I thought, too, but according to ipsCA's testing web page
> << http://certs.ipsca.com/checkserver/ >>, everything appears to be O.K.
> 
> > Here are your three certs: root (IPS SERVIDORES), CA (ipsCA A1), server
> > (server).
> > Root and server are OK, but your server should also propose the
> > intermediate CA to the client so it can resolve the entire cert path.
> 
>    According to ipsCA << http://certs.ipsca.com/Support/CSRApache-MOD-SSL.asp >>,
> Apache users only need two certs [one of them is a bundled cert].  I've installed
> both, along with my key, and I _think_ I've done it correctly, but you
> never know.  I'm still new to this.
> 
> > Check the CA cert statement in config file.
> 
>    Here's that section from my ssl.conf file:
> 
> <VirtualHost secure.nexelshelving.com:443>
>     # General setup for the virtual host
>     DocumentRoot "/etc/apache/htdocs/nexelshelving"
>     # ServerName has to match the server you entered into the CSR
>     ServerName secure.nexelshelving.com:443
>     ServerAdmin you@your.address
>     ErrorLog /etc/apache/logs/ssl/nexelshelving/ssl_engine_log
>     TransferLog /etc/apache/logs/access_log
>     SSLEngine on
>     SSLProtocol all -SSLv3
>     SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>     SSLCertificateKeyFile   /etc/apache/ssl/certs/server.key
>     SSLCertificateFile      /etc/apache/ssl/private/server.crt
>     SSLCertificateChainFile /etc/apache/ssl/private/IPS-IPSCABUNDLE.crt
> </VirtualHost>
> 
> Thanks,
> Robert
> 
> ------------------------------
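
The two checks suggested in the reply, as an added example that is not part of the original thread: a structural check of the marker lines in a PEM chain file, and the OpenSSL client call that prints the chain a server actually sends. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# check_pem_bundle FILE
# Structural check only: prints the number of complete certificate blocks and
# returns 0 when every BEGIN line has a matching END line around base64 text.
# It does not parse the certificates themselves.
check_pem_bundle() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----$/ {
            if (inblk) bad = 1                  # BEGIN before the previous END
            inblk = 1; body = 0; next
        }
        /^-----END CERTIFICATE-----$/ {         # END without BEGIN, or empty block
            if (!inblk || body == 0) { bad = 1 } else { count++ }
            inblk = 0; next
        }
        /^-----/ { bad = 1; next }              # damaged or unexpected marker line
        inblk {                                 # body lines must be plain base64
            if ($0 !~ "^[A-Za-z0-9+/=]+$") bad = 1
            body++
        }
        END {
            if (inblk) bad = 1                  # file cut off before END
            print count + 0
            exit ((bad || count == 0) ? 1 : 0)
        }
    ' "$1"
}

# show_served_chain HOST [PORT]
# Verbose client handshake that prints every certificate the server sends.
# If the intermediate CA is absent from the output, clients never receive it.
show_served_chain() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" -showcerts </dev/null
}

# Constructed sample: one complete block, then one cut off before its END line.
tmp=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJD' '-----END CERTIFICATE-----' \
              '-----BEGIN CERTIFICATE-----' 'REVG' > "$tmp"
check_pem_bundle "$tmp" || echo "chain file is damaged: $tmp"
rm -f "$tmp"
```

Run `check_pem_bundle` on the file named in `SSLCertificateChainFile`, then `show_served_chain` against the virtual host to compare what is on disk with what is served.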
