DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14560>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14560 SSLCertificateChainFile behaviour different or broken vs. apache v1.3.x Summary: SSLCertificateChainFile behaviour different or broken vs. apache v1.3.x Product: Apache httpd-2.0 Version: 2.0.43 Platform: PC OS/Version: Linux Status: NEW Severity: Normal Priority: Other Component: mod_ssl AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] I found that the SSLCertificateChainFile directive was not behaving the same as it has in apache v1.3. According to the verisign, when using a global certificate, you need to use the above directive to provide the client with the Intermediate CA. So, in my old v1.3 configuration I had the following 3 directives: SSLCertificateChainFile ssl.crt/ca.crt SSLCertificateFile ssl.crt/server.crt SSLCertificateKeyFile ssl.key/server.key This doesn't work under apache2 however. The certificate in the chainfile never seems to be presented to the client. Clients were getting presented with the unrecognized signing authority error. According to the comments in the ssl.conf sample config file, you can also point it to the SSLCertificateFile if the intermediate CA is directly appended to the bottom of the file. This did fix the problem. Here's my specs: RH v7.3 openssl-0.9.6b-28 ./configure --prefix=/a01/app/dpxdemo/apache_2.0.43 --enable-mods-shared=all --enable-ssl Thanks, John --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
