Hello there,

Can any of you guys help me with this problem, please? I have been using mod_ssl and client authentication via Apache for some time now without any problems. My Apache configuration has been the usual:

    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    SSLCACertificateFile /etc/httpd/conf/ssl.crt/cacert.crt

No worries. Up until now the CA certificate has always been a self-signed root CA. But today I need to use a web server cert signed by a sub CA and have my clients authenticated using certs from the sub CA.

I did not think that this would be a problem, so I just copied the correct files into the correct places (sub CA cert to SSLCACertificateFile and server cert to SSLCertificateFile). But I got a page not found error in IE and the Apache error:

    mod_ssl: Certificate Verification: Error (20): unable to get local issuer certificate

OK, so I implemented the SSLCertificateChainFile with a bundle of the two certs in my chain, sub and root. I know openssl can get them because:

    openssl verify -CAfile chain.crt server.crt

works a treat. I have now tried various combinations of chain file content (root CA, sub CA, etc.) and even putting the chain certs in the server.crt file, but none of these helps.

I am running an "up2date" RedHat 7.2 with the out-of-the-box Apache and mod_ssl.

Has anyone got an answer for me, please!!!!! I am sure this is possible, and none of the docs seem to suggest that I am going to have any issues.

Chris...

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
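An added example, not part of the original post: a throwaway lab that rebuilds the root CA -> sub CA -> client chain described above and repeats the `openssl verify -CAfile` check against a client certificate with three different trust files. All names, subjects and file names are constructed; it assumes an `openssl` binary with its default configuration file is installed.

```sh
#!/bin/sh
# Added example: constructed lab PKI (root CA -> sub CA -> client); all names are made up.

# mkcsr <dir> <name> <CN>: new RSA key plus certificate request
mkcsr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# build_chain <dir>: writes root.crt, sub.crt, client.crt and chain.crt into <dir>
build_chain() {
    d=$1
    # A certificate may only act as an issuer if it is marked as a CA
    echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
    mkcsr "$d" root "Lab Root CA" &&
    mkcsr "$d" sub "Lab Sub CA" &&
    mkcsr "$d" client "Lab Client" &&
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -set_serial 1 -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null &&
    openssl x509 -req -in "$d/sub.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -days 2 -set_serial 2 -extfile "$d/ca.ext" -out "$d/sub.crt" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/sub.crt" -CAkey "$d/sub.key" \
        -days 2 -set_serial 3 -out "$d/client.crt" 2>/dev/null &&
    # Bundle in the same spirit as the post's chain.crt: sub CA followed by root
    cat "$d/sub.crt" "$d/root.crt" > "$d/chain.crt"
}

# verify_with <cafile> <cert>: succeeds only when openssl prints "<cert>: OK"
verify_with() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# report <label> <cafile> <cert>: one result line per trust file
report() {
    if verify_with "$2" "$3"; then echo "$1: OK"; else echo "$1: verification failed"; fi
}

LAB=$(mktemp -d) && build_chain "$LAB" && {
    report "trust file = root only    " "$LAB/root.crt"  "$LAB/client.crt"
    report "trust file = sub CA only  " "$LAB/sub.crt"   "$LAB/client.crt"
    report "trust file = sub CA + root" "$LAB/chain.crt" "$LAB/client.crt"
}
rm -rf "$LAB"
```

Only the bundle verifies, because `openssl verify` by default needs every issuer up to a self-signed root to be present in the trust file. In mod_ssl, client certificates are checked against SSLCACertificateFile or SSLCACertificatePath, while SSLCertificateChainFile only supplies the chain sent alongside the server certificate.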