Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

This topic is 8291 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted

Hey everyone smile.gif

I just bought a VeriSign Global Server Certificate from BT Ignite <http://www.btignite.co.uk>, the first British company authorised to offer 128-bit SSL Server Certificates.

The process went smoothly and I just installed the certificate on my WebSTAR Server Suite 4.4.

However, I found that my Mac's Internet Explorer 5 was unable to establish a secure connection because 'the identity certificate

issuer is unknown'. All I get is the choice to 'cancel' or to 'continue'. If I continue then I don't get the padlock.

I downloaded the latest Mac Explorer 5.1 and I still get the same problem. I don't even get the option to verify and authenticate the certificate myself. (I was given this option by Netscape and Windows Internet Explorer 5)

I tried my Mac's Netscape 4 and I had to verify and authorise the certificate before it gave me a secure connection. I got the padlock after I verified it myself.

I tried Windows 98's Internet Explorer 5 and I had to verify and authorise the certificate. After I downloaded Windows Explorer 6, I was no longer prompted. Explorer 6 allowed me to access my secure web server without any need for certificate verification.

Do you know what is wrong? Does the Windows and Mac Internet Explorer 5 database of trusted certificates not include the latest VeriSign 128-bit SSL certificate?

I would be extremely grateful for any help you could give.

Thanks for your time.

Krishan.

Posted

This is a stange problem!!!

First thing to check

In IE5 go to Edit - Preferences - Security........VeriSign is at the bottom of the list check they are there.........i'm not sure how you go about installing them if you dont tongue.gif

My IE5 for Mac works fine with 128 bit certificates from VeriSign, so should yours when enabled as above.

If it still doesnt work.......

I have never had any trouble with my server certificate from BTIgnite with WebSTAR once i actually managed to get the thing! (wonderful BT!)

I use a secure server certificate (40 bit) rather than a global SC.

The first thing i would check is that you copied the certificate correctly from the email

-----BEGIN CERTIFICATE-----

Blah blah blah

-----END CERTIFICATE-----

making sure you don't have an spaces etc. and copy into a text only editor such as simple text.

make sure you have used the correct key file (WebSTAR should error if you don't but worth checking).

Set the security to SSL 2 & SSL 3 and tick the RC4-128 only.

The password must be correct otherwise WebSTAR would not have installed the certificate.

Installing a server certificate on WebSTAR really should be like falling off a log..........I would suggest there was something wrong with the certificate request...if the measures above are unsuccessful.......this should have been picked up when it was processed by BT though.......and definitely when they called your contact to verify your request.

laugh.giflaugh.gif

[ March 04, 2002, 06:43 AM: Message edited by: scratchmalogicalwax ]

Posted

Hey scratchmalogicalwax. smile.gifcool.gif

Thanks for your reply.

I did a bit of searching on the WebStar mailing list archives and found out that WebStar doesn't support Verisign's Global Server Certificate (128-bit SSL) because it comes in two parts and is a 'chained certificate'. WebStar was made for just one SSL certificate.

Verisign's Secure Server Certificate (40-bit SSL) doesn't come with an extra 'Intermediate Certificate' like the Global Server Certificate. So it just has one part to it.

These days, as long as the server supports 128-bit encryption and the browser accessing your site also supports 128-bit encryption, then the SSL will be 128-bit. Even if you're using a Secure Server Certificate known for its 40-bit SSL.

I think if you use an old browser, the GSC will still encrypt at 128-bit. But the SSC will only encrypt at the old browsers limited standard.

Since most users have the latest browsers, which have the ability to encrypt at 128-bit, then a Secure Server Cert will be fine. wink.gif

I'll probably put a javascript on my web site to determine what browser my users have. Then I'll be able to tell them to download the latest Internet Explorer if they have a really old browser which doesn't support 128-bit encryption.

I believe WebStar V for OSX supports the new 'certificate chain' Global Server Cert.

Thanks.

Kind regards

Krishan. smile.giflaugh.gif

This topic is 8291 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.