Full_Name: Rick Welykochy Version: 2.4.8-1.3.9 OS: Linux/RedHat 6.1 Submission from: (NULL) (203.23.60.73) The FAQ fails to mention something I dug up in the file mod_ssl-2.4.8-1.3.9/pkg.sslcfg/ca-bundle.crt, which mentions how setup root CAs for the server: ## This is a bundle of X.509 certificates of public ## Certificate Authorities (CA). These were automatically ## extracted from Netscape Communicator's certificate database ## (the file `cert7.db'). It contains the certificates in both ## plain text and PEM format and therefore can be directly used ## with an Apache+mod_ssl webserver for SSL client authentication. ## Just configure this file as the SSLCACertificateFile. I fiddled about for days trying to get Netscape to use a cert to authenticate. Tried the mod_ssl lsit without effect. Then the above gem made it all work. So simple, I thought it would be good to add the above to the FAQ, i.e. 105. I cannot get Netscape or IE to authenticate using a cert. Why? A: In most cases, try adding this to your httpd.conf file in the SSL section: SSLCACertificateFile conf/ssl.crt/ca-bundle.crt If this doesn't work, carefully examine the messages in error_log. It should become apparent that either your client cert is invalid or the server cannot find a root CA to autheniticate it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
