When I worked at DoD I placed their root CA cert first, then the intermediate CAs after, all concatenated into one file that I then pointed to with ServerCAFile -- this worked fine. Ensure you don't have any corruption of the file, as might happen if it has DOS-style line endings.
/s.
On Feb 27, 2004, at 2:13 PM, Matthew Ragan wrote:
As I'm sure a number of people are aware, Verisign's intermediate CA that they were using to sign their certificates has expired, and their fix is to have the server send out an updated intermediate certificate as part of the certificate chain during the SSL negotiation.
We have attempted to do this using AOLserver 3.4 and nsopenssl 2.1b-beta1, but have so far been unsuccessful with anything that we've tried, which has included the following:
* setting the Verisign intermediate cert by appending it to the cert file, as it says should work in the comments in init.c in the nsopenssl source * setting the intermediate cert by specifying it as the option to the ServerCAFile directive (similar to Verisign's instructions for how to fix Apache) * putting the hashed intermediate cert into the directory specified by the ServerCADir directive
I have searched for information on how to do this with AOLserver with no luck whatsoever. Has anyone else successfully gotten this to work?
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
