Hi Micheal:

Are you able to post the certificate here? It sounds like the issue may be the
key usage, or an entry in some other field - I've seen results like this if
you don't have key agreement set, or some of the other fields mangled, or
particular security settings enabled in your certificate.

Patrick.


On Tuesday 10 October 2006 10:20, Richters, Eriks A wrote:
> This definitly sounds like an IE problem. Check MSDN,
> http://msdn.microsoft.com.
> If you can't find anything there, then contact MicroSoft Support.
> Unfortunately, unless you're a large corporation, its hard to get good
> support from them.
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailtowner-modssl-users@modssl.org] On Behalf Of Michael Pacey
> Sent: Tuesday, October 10, 2006 6:40 AM
> To: modssl-users@modssl.org
> Subject: Re: Encripted page would not load into IE
>
> Hmmm, sorry I'm not an IE expert but it sounds like you are at least on
> the right track. Maybe check on an IE list or forum?
>
> BB said:
> > Sorry, my mistake. The CA shows up in the list, but I get still the

>
> same
>
> > error.
> >
> >> I tried also to install the certificate of the CA in the Trusted Root
> >> Certification Authorities folder. It says Import Successfull, but my

>
> CA
>
> >> doesn't show up in the list.
> >>
> >> Any hints?
> >>
> >>> Apparently, it's someting wrong with the certificates, as IE Watch
> >>> gets:
> >>>
> >>> ERROR_INTERNET_SEC_INVALID_CERT
> >>>
> >>> What could this be? Firefox works just fine with these certs.
> >>> Additionaly,
> >>> pop3s and imaps from Dovecot work fine with the same certs, even

>
> with
>
> >>> MS
> >>> Outlook and Outlook Express clients.
> >>>
> >>> It's a self created CA, with self signed certificates.
> >>>
> >>> Any suggestions for what should I check further?
> >>>
> >>> Thank you in advance!
> >>>
> >>> BBR
> >>>
> >>>> BB said:
> >>>>> I made the tests with IE from at least 4 different computers,

>
> located
>
> >>>>> in
> >>>>> networks from 3 different ISP's.
> >>>>>
> >>>>> Yes, the connection is done, because ith shows up instantly with
> >>>>> tail -f /var/log/apache/ssl_engine_log
> >>>>
> >>>> Sounds weird. You could try installing an HTTP capture tool like IE
> >>>> Watch
> >>>> and seeing if that gives any useful info.
> >>>>
> >>>> --
> >>>> Michael Pacey

>
> __________________________________________________ ____________________
>
> >>>> Apache Interface to OpenSSL (mod_ssl)

>
> www.modssl.org
>
> >>>> User Support Mailing List

>
> modssl-users@modssl.org
>
> >>>> Automated List Manager

>
> majordomo@modssl.org
>
>
>
>
> __________________________________________________ ____________________
>
> >>> Apache Interface to OpenSSL (mod_ssl)

>
> www.modssl.org
>
> >>> User Support Mailing List

>
> modssl-users@modssl.org
>
> >>> Automated List Manager

>
> majordomo@modssl.org
>
>
>
>
> __________________________________________________ ____________________
>
> >> Apache Interface to OpenSSL (mod_ssl)

>
> www.modssl.org
>
> >> User Support Mailing List

>
> modssl-users@modssl.org
>
> >> Automated List Manager

>
> majordomo@modssl.org
>
> > __________________________________________________ ____________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org


--
Patrick Patterson
President and Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org