Hello, i am playing around with client certs. It works just fine, except the issue that i would like to allow client certs signed by multiple different CA's. I've got the certs of those trusted CA's in the folder targeted by SSLCACertificatePath folder and completed with hash.N symlinks as requested. So far, the access is successful only if i address ONLY ONE CA cert with SSLCACertificateFile (and browser offers me only that client cert of the same CA). It works for any of the CA's in CertificatePath, but only one at a time. If i use the CertificatePath instead of File, something inside apparently works, as the browser offers me a selection of ALL applicable client certs, which is basically the desired behavior. But i get that nasty error in SSL log file "no client certificate returned" afterwards, the same as if the CA of client cert is not trusted.
Is that a browser issue (some IE 5.5 i think) ? Am i using CertificatePath right? Yes i know i can concat all CA certs in one file and use the CertificateFile directive, but what is the hash symlinks indexing for then? Thanks, Marvin. ______________________________________________________________________ Reklama: Prekvapive dobry signal! Presvedcte se v Oskar Testu ... http://www.oskarmobil.cz/oskartest ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
