I need to trust client certifcates issued by Netscape Certifcate Management Server 4.2. It has 2 options for use by a server: 1. Display the CA certificate chain in PKCS#7 for importing into a server 2. Display certificates in the CA certificate chain for importing individually into a server Neither of these selections output anything that I can use with modssl. With either one (or both for that matter) in ca-bundle.crt and SSLCACertificateFile /opt/apache/conf/ssl.crt/ca-bundle.crt in my httpd.conf, I get the following in my error log: [Thu Apr 19 21:52:42 2001] [error] mod_ssl: Init: (www.tvratings.com:443) Unable to configure verify locations for client authentication Has anyone else gotten modssl to work with client certificates signed by a Netscape Certificate Management Server 4.2? I've gotten it working with a version 1.1 server by selecting "Display individual certificates on the chain for server import.", which makes me think that I need the second option for 4.2. In case it helps here is the output for the first option: -----BEGIN CERTIFICATE----- MIICqwYJKoZIhvcNAQcCoIICnDCCApgCAQExADAPBgkqhkiG9w0BBwGgAgQAoIIC fDCCAngwggHhoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwRjELMAkGA1UEBhMCVVMx GTAXBgNVBAoTEG5pZWxzZW5tZWRpYS5jb20xHDAaBgNVBAMTE0NlcnRpZmljYXRl IE1hbmFnZXIwHhcNMDEwMzE1MDUwMDAwWhcNMjUwMzE1MDUwMDAwWjBGMQswCQYD VQQGEwJVUzEZMBcGA1UEChMQbmllbHNlbm1lZGlhLmNvbTEcMBoGA1UEAxMTQ2Vy dGlmaWNhdGUgTWFuYWdlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvKqx eGa3wpE6yqzTatuQzo3XH2gZiUEYy3S34BJtGWk+5D7t2IrEVimTJC+9KfBLNH0G JBo7AGmm7FLRzQ8hSa5YtV2CqTqC/Vx1ocC2zquYl0G9alxCcZioaQy4RWFCLSyA B2mAatSSONpSEOXXHkgsYw9t0osIxAclIIs/PjcCAwEAAaN2MHQwEQYJYIZIAYb4 QgEBBAQDAgAHMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMGzJQFYlvak946P xhRaRbQDhOBlMB8GA1UdIwQYMBaAFMGzJQFYlvak946PxhRaRbQDhOBlMA4GA1Ud DwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOBgQAE0ZG0HBiQHJYLEHheRpOHOH+3 drMrQ70JS0T30eylOaFUKPC+rQ3JlbVXwjqBtvBvPTQNS+NqFNn5bYeaGsbxtsbI LQr00bM1mTesCv/+Q7C9sKvHbIS9j1UroBfwc/v9bGxCtWz1BFVpHWAm3+F957sB KaD4j1sxsZ3I7vxHmTEA -----END CERTIFICATE----- and here is the second: -----BEGIN CERTIFICATE----- MIICeDCCAeGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJVUzEZ MBcGA1UEChMQbmllbHNlbm1lZGlhLmNvbTEcMBoGA1UEAxMTQ2VydGlmaWNhdGUg TWFuYWdlcjAeFw0wMTAzMTUwNTAwMDBaFw0yNTAzMTUwNTAwMDBaMEYxCzAJBgNV BAYTAlVTMRkwFwYDVQQKExBuaWVsc2VubWVkaWEuY29tMRwwGgYDVQQDExNDZXJ0 aWZpY2F0ZSBNYW5hZ2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8qrF4 ZrfCkTrKrNNq25DOjdcfaBmJQRjLdLfgEm0ZaT7kPu3YisRWKZMkL70p8Es0fQYk GjsAaabsUtHNDyFJrli1XYKpOoL9XHWhwLbOq5iXQb1qXEJxmKhpDLhFYUItLIAH aYBq1JI42lIQ5dceSCxjD23SiwjEByUgiz8+NwIDAQABo3YwdDARBglghkgBhvhC AQEEBAMCAAcwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUwbMlAViW9qT3jo/G FFpFtAOE4GUwHwYDVR0jBBgwFoAUwbMlAViW9qT3jo/GFFpFtAOE4GUwDgYDVR0P AQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4GBAATRkbQcGJAclgsQeF5Gk4c4f7d2 sytDvQlLRPfR7KU5oVQo8L6tDcmVtVfCOoG28G89NA1L42oU2flth5oaxvG2xsgt CvTRszWZN6wK//5DsL2wq8dshL2PVSugF/Bz+/1sbEK1bPUEVWkdYCbf4X3nuwEp oPiPWzGxncju/EeZ -----END CERTIFICATE----- Thanks in advance Mike ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
