Hello,

I need to have a secure channel between server and client
and client authentication using cert.

For a secure channel we have server cert from Thawte.
For client auth I have made my own CA, signed an Intermediate cert
and with that signed a client cert for authentication.

CA -> My Intermediate cert -> Client cert.

Client certs should be verified only when they are signed by the
Intermediate cert, not by the CA directly nor by other Intermediate certs
signed by this CA.

So I configured Apache like that:

SSLEngine on
SSLProtocol all -SSLv2
SSLCertificateFile /path/to/thawte_server.cert
SSLCertificateKeyFile /path/to/thawte_server.key
SSLCACertificate /path/to/my_intermediate.crt
SSLVerifyClient require
SSLVerifyDepth 2

and also tried
SSLCertificateChainFile /path/to/my_intermediate.crt+my_ca.crt

With Chainfile configured I get an error: Unable to get a local issuer
certificate.
Without it, verification fails with reason(199)


Does this configuration require client cert from Thawte?
Has anyone done this? What am I doing wrong?

best wishes,

Vlads

P.S. Sorry about my English

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
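
An added example, not part of the original post and not from the mod_ssl project: one way to express the requirement above in mod_ssl. It assumes that OpenSSL, as mod_ssl uses it by default, builds the client chain up to a self-signed trust anchor, so the private root has to be trusted as well and the "only this Intermediate" rule is enforced separately on the issuer name. The bundle file name and the issuer CN are hypothetical placeholders.

```apache
# Added example. Paths are the ones from the post, except the bundle file,
# which is a hypothetical name for a PEM file holding the private root CA
# followed by the Intermediate cert.
SSLEngine on
SSLProtocol all -SSLv2

# Server identity (Thawte). SSLCertificateChainFile, if used, carries the
# *server's* own chain to clients; it plays no part in verifying client certs.
SSLCertificateFile    /path/to/thawte_server.cert
SSLCertificateKeyFile /path/to/thawte_server.key

# Trust anchors for client verification: the private root must be present,
# otherwise chain building stops at the Intermediate and verification fails.
SSLCACertificateFile  /path/to/my_ca_plus_intermediate.pem
SSLVerifyClient require
# Client cert -> Intermediate -> root
SSLVerifyDepth 2

<Location />
    # Chain validation alone accepts every cert that chains to the root,
    # including ones issued by the root directly or by a sibling Intermediate.
    # Pin the issuer of the client cert. The CN below is a placeholder.
    SSLRequire %{SSL_CLIENT_I_DN_CN} eq "My Intermediate CA"
</Location>
```

The issuer check matches a name, not a key, so it is only as strong as the control over which subject names the private root signs.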
