[Dshield] 0wnlng Windows machines

Fuller, Kevin R. KFuller at DMV.CA.gov
Tue Feb 27 16:03:48 GMT 2007


I do Web Security testing for my agency and ran into the same problem.
It has to do with self-signed certificates and lack of trust.  It seems
IE7 chokes on non-public certificates and generates the certificate
error.   I haven't researched the fix yet.

Kevin Fuller
CCNP, GSNA, GCIA,GSEC, GWAS, GREM
ISD/System Test, DMV

-----Original Message-----
From: Tony Earnshaw [mailto:tonni at hetnet.nl] 
Sent: Sunday, February 25, 2007 2:47 PM
To: General DShield Discussion List
Subject: Re: [Dshield] 0wnlng Windows machines

Tony Earnshaw wrote, on 25. feb 2007 19:41:


"Alan" wrote to me off list, stating that his Windows IE7 browser had a 
certificate problem with our URL: Has anybody else the same problem with

that? We run Apache 2.0.52 with locally generated openssl non-root 
public, private and CA certs. Our pupils, teachers and staff with 
Windows have no problems accessing webmail on the same server (but they 
don't know about this url); perhaps I've entered the wrong Order and 
Allow values? I did check it out from my own remote site with Firefox 
2.0 and it works fine for me. I do have "SSLRequire 
%{SSL_CIPHER_USEKEYSIZE} >= 128" for this url, perhaps IE7 can't swallow

that? Hmmm ... yet another reason for finding Firefox 2.0 a really fine 
browser ...

--Tonni

-- 
Tony Earnshaw
Email: tonni at hetnet dot nl



More information about the list mailing list