On Tue, Jul 20, 1999, Holger Reif wrote:

> It should work as follows (explained by Stephan Bauer
> <[EMAIL PROTECTED]>)
> 
> Ralf, could you please update the README.GlobalID file?
> 
> > Call the Verisign-Support and ask them to deliver the
> > Cert in the format for a Netscape-Server. Then you will get 2 Files
> > and they will work out of the box for Apache !
> 
> Then set
> 
> SSLCACertificateFile /opt/local/www/.../gid_intermediate.crt
> SSLCertificateFile /opt/local/www/.../gid_payment_ns.crt
> 
> And you are gone.

Actually with mod_ssl 2.3.6 you now should use:

 SSLCertificateFile      /opt/local/www/.../gid_payment_ns.crt
 SSLCertificateChainFile /opt/local/www/.../gid_intermediate.crt

From the CHANGES:

   *) Added new `SSLCertificateChainFile /path/to/file' directive. This can
      point to a file containing the concatenation of PEM encoded CA
      certificates which explicitly form the server certificate chain. This is
      intended for instance for the Global-ID situation where one _has_ to
      send the intermediate CA of Verisign with the GID while one wants to
      avoid that under client authentication all clients issued by this CA are
      accepted (which would happen when one references the CA cert via
      SSLCACertificatePath or SSLCACertificateFile instead of
      SSLCertificateChainFile).

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
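
The CHANGES entry above distinguishes sending the intermediate CA (SSLCertificateChainFile) from trusting it for client authentication (SSLCACertificateFile). The following audit sketch is an added example, not part of the original message or of mod_ssl; the /example/conf/ paths, client_ca.crt, the sample configurations and the function names are constructed, and it assumes a flat config snippet in which the last SSLVerifyClient line applies.

```python
def parse_directives(conf_text):
    """Yield (lowercased directive, unquoted argument) per config line."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":  # skip comments and <Section> tags
            continue
        parts = line.split(None, 1)
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        yield parts[0].lower(), arg


def audit(conf_text, chain_only):
    """Flag intermediates referenced as trusted client-auth CAs.

    chain_only: file names the operator knows are intermediates that must be
    sent to clients but must not be trusted for client certificates.
    Returns a list of (severity, file name) tuples.
    """
    directives = list(parse_directives(conf_text))
    verify = "none"  # mod_ssl default when SSLVerifyClient is absent
    for name, arg in directives:
        if name == "sslverifyclient":
            verify = arg.lower()
    findings = []
    for name, arg in directives:
        cert = arg.rsplit("/", 1)[-1]
        if name == "sslcacertificatefile" and cert in chain_only:
            # With client auth on, every client cert issued by this CA passes.
            severity = "HIGH" if verify in ("require", "optional") else "WARN"
            findings.append((severity, cert))
    return findings


# Constructed sample: the older layout quoted in the thread, with client auth on.
OLD_STYLE = """
SSLCACertificateFile /example/conf/gid_intermediate.crt
SSLCertificateFile   /example/conf/gid_payment_ns.crt
SSLVerifyClient require
"""

# Constructed sample: the mod_ssl 2.3.6 layout, with a separate client CA file.
NEW_STYLE = """
SSLCertificateFile      /example/conf/gid_payment_ns.crt
SSLCertificateChainFile /example/conf/gid_intermediate.crt
SSLCACertificateFile    /example/conf/client_ca.crt
SSLVerifyClient require
"""

if __name__ == "__main__":
    for label, conf in (("old", OLD_STYLE), ("new", NEW_STYLE)):
        print(label, audit(conf, {"gid_intermediate.crt"}))
```

A WARN result means the intermediate is listed as a trusted CA while client authentication is off, so the exposure appears as soon as SSLVerifyClient is switched on.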
