I tried things similar. I use my own CA, whihc is self signed, and my server and client signed by my CA. I then point SSLCertificateFile, and SSLCertificateKeyFile to my server crt and key, and the SSLCertificateChainFile to my CA cert. using openssl I connect to my server with openssl s_client -connect localhost:8443 -state -cert client.crt -key client.key I get error msg: verify error:num=19:selfsigned certificate in certificate chain and the SSL_engine_log says: unable to get local isser certificate. Thanks for help. Norbert Wegener wrote: > I have setup my apache+mod_ssl (for the first time), created my own ca > and server certs. > > Now I want to grant access to a specific tree of my webserver only to > those clients, which have a cert from my ca. > I thought > <Directory /web/securearea> > SSLVerifyClient require > SSLVerifyDepth 1 > </Directory> > > would do the job, created a client cert and imported into a browser. > Using this cert I can access the protected area of my server. > Unfortunately I am requested for a certificate for every > subsequent access to that area. This is something, which I think is not > very userfriendly. > Is there a more userfriendly way to deal with this situation? > > Thanks > Norbert Wegener > > -- > Norbert Wegener Fax : (49) 201 2661 377 > SBS Essen Phone:(49) 201 2661 379 > Germany Mail: [EMAIL PROTECTED] > http://relax.sbs.de (intranet) > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- -------------------- George Lu Oracle 503 525 3193
begin:vcard n:;George x-mozilla-html:FALSE adr:;;;;;; version:2.1 email;internet:[EMAIL PROTECTED] fn:George Lu end:vcard
