Fixed it, thanks. And did actually find the correct apache ssl documentation regarding this issue, just needed to add in the ssl configuration: SSLCertificateChainFile <path to chain file>
Regards Yildirim 2008/11/12 Yildirim Zaynal <[EMAIL PROTECTED]>: > That makes good sense actually.. > > Just to sum it up and make sure that I have understood it correctly: > > Add CA2 and CA3 public certificates to the apache server configuration, > Have the CA1(root ca) installed on client side. > > I am using apache 2.x version and reading the SSL config part of it I > never saw anything about configurating certs as in my case with CA2 > and CA3.. Rechecking again now i could confirm this. > > Can anybody point me to the right direction regarding this, a guide maybe? > > Thanks again, > Yildirim > > 2008/11/10 Massimiliano Pala <[EMAIL PROTECTED]>: >> Hi, >> >> you just need to add the CA2 and CA3 to the configuration of your >> servers. >> >> To correctly build the chain of certificates, the client application >> needs to know where to find them. If you do not use the PRQP, then >> you need to provide it via the SSL configuration of your web server. >> Indeed the standard says that the SSL/TLS server should push the full >> chain of certificates to the client (but the trust anchor - which I >> think it is optional). This will solve your problem and will let the >> client to trust all of your server certificates. >> >> Later, >> Max >> >> Yildirim Zaynal wrote: >>> >>> The environment: >>> >>> 1level root ca >>> 2level sub-ca signed by 1level root-ca >>> 3level sub-ca signed by 2level sub-ca >>> >>> server certificate signed with 3level sub-ca >>> >>> I have installed the 1level root ca public certificate on my browser, >>> and I am expecting that every server certificate i have signed with >>> the 3level sub ca will automatically be trusted. But the browser still >>> gives me warnings regarding the the server certificate signed by the >>> 3level sub-ca.. >>> >>> When i import the public certificate of 2level and 3level sub-ca's >>> into my browser then it does not produce any warnings.. For me it >>> seems natural that I only need the root ca certificate imported for >>> the browser to trust anything signed by 2level or 3level sub-ca's.. >>> >>> Am I right, should i export the 1level root certificate in some >>> specific way for this to work?? >>> >>> ------------------------------------------------------------------------- >>> This SF.Net email is sponsored by the Moblin Your Move Developer's >>> challenge >>> Build the coolest Linux based applications with Moblin SDK & win great >>> prizes >>> Grand prize is a trip for two to an Open Source event anywhere in the >>> world >>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>> _______________________________________________ >>> Openca-Users mailing list >>> Openca-Users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/openca-users >>> >> >> >> -- >> >> Best Regards, >> >> Massimiliano Pala >> >> --o------------------------------------------------------------------------ >> Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED] >> [EMAIL PROTECTED] >> >> Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332 >> PKI/Trust Laboratory Work Phone: +1 (603) 646-9179 >> --o------------------------------------------------------------------------ >> >> People who think they know everything are a great annoyance to those of us >> who do. >> -- Isaac Asimov >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge >> Build the coolest Linux based applications with Moblin SDK & win great >> prizes >> Grand prize is a trip for two to an Open Source event anywhere in the world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> Openca-Users mailing list >> Openca-Users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/openca-users >> >> > ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
