Chris, You may have done this already, I had to change the "SSLVerifyDepth 1" in httpd.conf to 2. If memory serves me...
--Chris -- Christopher Harrington, CISSP NMI InfoSecurity Solutions 207-780-6381 http://www.nmi.net -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Covell Sent: Friday, October 24, 2003 1:41 PM To: OpenCA Subject: [Openca-Users] Client authentication Guys, I thought I would share this with you... I have now gone from a self signed CA issuing certificates to a self signed root CA, issuing Sub CA certs, and the sub CA issuing certs model. All well and good until I try and configure Apache for client authentication. I can not get this simple thing to work. I have been discussing the problems with the mod_ssl list and it seems as though i am configuring Apache correctly. I have tested on three seperate environments running two flavours of Linux. Consistantly I get the problem: "mod_ssl: Certificate Verification Error (24): invalid CA certificate". I was wondering if any of you have used OpenCA to generate Root and Sub CA's and then used client authentication to access the sub CA RA component and if you had any troubles. All the CA certificates validate using: "openssl verify...." command. The only thing I can think is that I set the extended key usage flags in the root CA, but surely this can't have this affect... Can it ? Chris... ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
smime.p7s
Description: S/MIME cryptographic signature
