> Running openssl x509 -text -in on the CA certificate looks fine (CA has
> CA:TRUE, pathlen:0 in the x509v3 basic constraints section). Would
> appreciate any pointers.
>
> Sazli,
Your pathlength should be set at a minimum to 1 for your CA. Pathlength of
0 should only be for non CA certificates (your server and client certs) as a
zero pathlength says that the cert is not a CA (in other words, a length
greater than zero is a CA and the greater the number the higher the app may
have to walk up the chain to find the root). So, you need to re-create your
CA and make the cert path length at least to 1.
Hope this helps.
Lorrayne
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
