Guys, just to ley you know that I have solved the problem. The CA cert I was using was bad (wrong extensions set). That is why Apache/mod_ssl was saying that it was an invalid CA cert. Using a different CA solved my problem and I can use client certs to log on fine now !
Many thanks for your help on this. Chris... On Friday 24 October 2003 18:00, Chris Covell wrote: > Many thanks to those of you who have helped me on this. > > Unfortunately I still have the problem. I have also duplicated the problem > on a completely different environment, so I think it is either me, or the > certificates I am using ! > > I have taken all of you advice and set up the web server like this: > > SSLCertificateFile .../conf/ssl.crt/server.crt > SSLCertificateKeyFile .../conf/ssl.key/server.key > SSLCACertificateFile .../conf/ssl.crt/cacert.crt > > SSLVerifyClient require > SSLVerifyDepth 2 > > where the cacert.crt file has both the sub and the root CA certificates in > it. > > The error I am getting in the apache log is: > > mod_ssl: Certificate Verification Error (24): invalid CA certificate > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]