
Re: [cobalt-users] [OT] Comodo SSL Certs on Raq4r



> > Anyone come across problems with Comodo SSL certificates on Raqs,
>specifically running CGI script operations under the SSL environment.
><snip>
>>>Page Not Found page displayed.
>
>
>I've had this problem with both Thawte and Comodo certs. There are a couple
>of lines you can insert in the httpd.conf to fix it. It's in the Sun
>Knowledgebase.
>
>The new section will look like:
>
>[snip]
>

Actually, it's a known bug in IE only and it is only related to SSL renegotiation - i.e., when the SSL certificate re-authenticates.  That's why it doesn't occur on the first SSL call to the server, but can on subsequent ones, and is a little unpredictable.

You can fix it by adding these three lines to the httpd.conf file:

SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0


I have this just under the line that reads:

SSLCACertificateFile /etc/httpd/conf/ca-bundle


This used to be found in the Microsoft knowledgebase - but they may have removed it.

The problem was actually found in IE5.5 and IE5.5 SP1, and fixed in IE5.5 SP2, but re-emerged when IE6.0 was released!!

You should not find this problem with Mozilla / Opera / Netscape (any version).

Add those three lines to httpd.conf (or the other solution offered), and you lose 128bit certification (as the code says, it downgrades SSL to SSL1.0, which I think is 45bit encryption - not even 56bit).

Anyway - you can fix it!

regards

Greg Hewitt-Long - AAA Business Hosting
-- 
http://www.webyourbusiness.com/
Providers of E-Commerce Software &
Web Design Consultancy and Services.
PH: (970) 266-0195   FAX: (970) 266-0158
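
Added example, not part of the original post: a Python sketch that parses the SetEnvIf directive quoted in the message (joining its backslash continuations) and reports which variables a given browser would receive. The config fragment and User-Agent strings are constructed samples, the function names are hypothetical, and Python's `re` stands in for Apache's regex engine.

```python
import re
import shlex

# Constructed httpd.conf fragment containing the directive from the post.
SAMPLE_CONF = r'''
SSLCACertificateFile /etc/httpd/conf/ca-bundle
SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
'''
# Constructed User-Agent strings in the style of IE 6 and Mozilla 1.x.
IE6_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
MOZ_UA = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830"

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip() and not buf.lstrip().startswith("#"):
            yield buf.strip()
        buf = ""

def setenvif_rules(text):
    """Return (attribute, compiled regex, variables) per SetEnvIf line."""
    rules = []
    for line in logical_lines(text):
        parts = shlex.split(line)
        if parts[0].lower() == "setenvif" and len(parts) >= 4:
            rules.append((parts[1].lower(), re.compile(parts[2]), parts[3:]))
    return rules

def env_for(text, user_agent):
    """Variables the rules would set for a request with this User-Agent."""
    env = []
    for attr, pattern, names in setenvif_rules(text):
        # SetEnvIf matches case-sensitively, so "msie" would not match.
        if attr == "user-agent" and pattern.search(user_agent):
            env.extend(names)
    return env

if __name__ == "__main__":
    for ua in (IE6_UA, MOZ_UA):
        print(ua, "->", env_for(SAMPLE_CONF, ua) or "no variables set")
```
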