Internet Explorer Security Warning Using Self Signed Certificates

on 14.06.2005 00:45:52 by BJ Swope

We are using self signed certificates on our Apache server.

Previously we were able to use the

SSLCACertificateFile /conf/apache/trustroots.ber
or
SSLCertificateChainFile /conf/apache/chain.ber

directives to push the chain of certifiers to IE without IE
complaining. It would read the chain that was pushed with the
certificate and the session would continue.


For the past 6 to 8 months or so Internet Explorer has been throwing
security warnings saying ...

"The security certificate was issued by a company you have not chosen
to trust. View the certificate to determine whether you want to trust
the certifying authority."


I know this is not a modssl issue. The directives used to work, and still do.

If you leave the directive out of the httpd.conf file, the browser
does not show a certificate chain. With either directive, the browser
will display the complete chain.

I realize that installing the signing CA into IE's (and Mozilla's for
that matter) CA store will resolve the issue, but that's incredibly
difficult to do across many enterprises.

I suspect that this is an "Anti-Phishing" security change in IE but
cannot find anything related on the web. I have been googling and
cannot find anybody experiencing an issue similar to this. Has anybody
on this list seen anything akin to this?



BJ
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
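
The post contrasts pushing the certificate chain from the server with installing the signing CA in the browser's CA store. The following is an added example, not part of the original post: it reproduces both cases with `openssl verify` against a constructed root CA and server certificate. All subject names, file names and the `build_pki` and `verdict` helpers are made up for the illustration.

```bash
#!/usr/bin/env bash
# Constructed PKI for illustration: every name and file below is made up.

build_pki() {   # $1 = empty working directory
  local d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Self-signed root CA: the trust anchor a client must already hold.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/ca.cnf" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Server key and CSR, then a server certificate signed by that root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=www.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -out "$d/leaf.pem" 2>/dev/null
}

verdict() {     # $1 = directory, $2 = chain_only | anchored
  local d=$1
  case $2 in
    # Root arrives only as part of the presented chain (-untrusted); nothing anchors it.
    chain_only) openssl verify -untrusted "$d/root.pem" "$d/leaf.pem" ;;
    # Same certificates, but the root is also in the verifier's trust store (-CAfile).
    anchored)   openssl verify -CAfile "$d/root.pem" "$d/leaf.pem" ;;
  esac >/dev/null 2>&1 && echo trusted || echo untrusted
}

d=$(mktemp -d)
build_pki "$d"
echo "chain presented, root not in client store: $(verdict "$d" chain_only)"
echo "root installed in client store:            $(verdict "$d" anchored)"
rm -rf "$d"
```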