I got a big problem with SSLVerifyClient. I had a similar problem before, but now the error(s?) is really more strange (in my point of view). I used this tutorial: http://fra.nksteidl.de/Erinnerungen/OpenSSL.php
I hae got two sections. One with only server-side-SSL (works), and a folder (called 'demo', with a file 'index.php') with client-side-SSL. When I call the site my browser askes me to choose a cert i want to uns to enter the site. I choose the right one (exportedvia pkcs), and then IE says "cannot find server or dns ", and firebird doesn't do anything (it stays on my startpage, but with the "lock"-symbol in Task). So I have got a Root_CA, a Server_CA and a User_CA. The Root_CA verifys the other 2 CAs. Server_CA verifys Server-Certificates (no problem). User_CA verifys Client-Certificates. I concated the Certificates from Root and User_CA "cat ..../RootCA.cert.pem ..../UserCA.cert.pem > UserCAchaincert.pem" My integration in apache: NameVirtualHost xxx.xxx.xxx.xxx:443 <VirtualHost xxx.xxx.xxx.xxx:443> ServerName test.de DocumentRoot /srv/www/htdocs/web3/html/test php_admin_value open_basedir /srv/www/htdocs/web3/html/test <IfModule mod_ssl.c> SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLProtocol all AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLOptions +StdEnvVars +ExportCertData ErrorLog "/var/log/apache2/test/ssl.log" LogLevel debug SSLVerifyClient none SSLCertificateFile /etc/ssl/ServerCA/testcert.pem SSLCertificateKeyFile /etc/ssl/ServerCA/testkey.pem SSLCACertificateFile /etc/ssl/UserCA/UserCAchaincert.pem SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </IfModule> <Location /demo> SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 1 </Location> If you need something more, just let me know. And thank you very much in advance for every helping idea, because i try to get this to work since weeks. Sven P.S: I use Suse Linux 9.0 with mod_ssl and openssl 0.9.7b (would like to update....) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]