Hi,
After having success with my fresh "Apache/1.3.3 (Win32) mod_ssl/2.1b6
SSLeay/0.9.0b",
I tried to connect to the webserver with client certificates enabled,
but get
only a "Certificate Chain too long" in the error logfile. I'm using the
Snake Oil
Certificate on the server and a Thawte Freemail Certificate on the
client. My
Client is Netscape Communicator 4.5. Any Ideas, anyone?
Regards,
Hakan
httpd.conf:
SSLLogLevel debug
SSLVerifyClient optional_no_ca
ssl_engine.log:
[20/Oct/1998:18:20:07 +0200] [info] Connection to child 0 established
(server <my-hostname-here>:443)
[20/Oct/1998:18:20:10 +0200] [debug] Certificate Verification: depth: 1,
subject: /C=ZA/ST=Western Cape/L=Durbanville/O=Thawte
Consulting/OU=Thawte PF RSA IK 1998.9.16 17:55/CN=Thawte Personal
Freemail RSA Issuer 1998.9.16, issuer: /C=ZA/ST=Western Cape/L=Cape
Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte
Personal Freemail [EMAIL PROTECTED]
[20/Oct/1998:18:20:10 +0200] [debug] Certificate Verification:
Verifiable Issuer is configured as optional, therefore we're accepting
the certificate
[20/Oct/1998:18:20:10 +0200] [error] Certificate Verification:
Certificate Chain too long
[20/Oct/1998:18:20:10 +0200] [error] SSL connection acception failed
(SSLeay error follows)
[20/Oct/1998:18:20:10 +0200] [error] SSLeay: error:140890B1:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[20/Oct/1998:18:20:10 +0200] [info] Connection to child 0 closed (server
<my-hostname-here>:443)
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
