That makes good sense actually.. Just to sum it up and make sure that I have understood it correctly:
Add CA2 and CA3 public certificates to the apache server configuration, Have the CA1(root ca) installed on client side. I am using apache 2.x version and reading the SSL config part of it I never saw anything about configurating certs as in my case with CA2 and CA3.. Rechecking again now i could confirm this. Can anybody point me to the right direction regarding this, a guide maybe? Thanks again, Yildirim 2008/11/10 Massimiliano Pala <[EMAIL PROTECTED]>: > Hi, > > you just need to add the CA2 and CA3 to the configuration of your > servers. > > To correctly build the chain of certificates, the client application > needs to know where to find them. If you do not use the PRQP, then > you need to provide it via the SSL configuration of your web server. > Indeed the standard says that the SSL/TLS server should push the full > chain of certificates to the client (but the trust anchor - which I > think it is optional). This will solve your problem and will let the > client to trust all of your server certificates. > > Later, > Max > > Yildirim Zaynal wrote: >> >> The environment: >> >> 1level root ca >> 2level sub-ca signed by 1level root-ca >> 3level sub-ca signed by 2level sub-ca >> >> server certificate signed with 3level sub-ca >> >> I have installed the 1level root ca public certificate on my browser, >> and I am expecting that every server certificate i have signed with >> the 3level sub ca will automatically be trusted. But the browser still >> gives me warnings regarding the the server certificate signed by the >> 3level sub-ca.. >> >> When i import the public certificate of 2level and 3level sub-ca's >> into my browser then it does not produce any warnings.. For me it >> seems natural that I only need the root ca certificate imported for >> the browser to trust anything signed by 2level or 3level sub-ca's.. >> >> Am I right, should i export the 1level root certificate in some >> specific way for this to work?? >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's >> challenge >> Build the coolest Linux based applications with Moblin SDK & win great >> prizes >> Grand prize is a trip for two to an Open Source event anywhere in the >> world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> Openca-Users mailing list >> Openca-Users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/openca-users >> > > > -- > > Best Regards, > > Massimiliano Pala > > --o------------------------------------------------------------------------ > Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED] > [EMAIL PROTECTED] > > Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332 > PKI/Trust Laboratory Work Phone: +1 (603) 646-9179 > --o------------------------------------------------------------------------ > > People who think they know everything are a great annoyance to those of us > who do. > -- Isaac Asimov > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Openca-Users mailing list > Openca-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openca-users > > ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
