Eleftheria Petraki wrote:
Hi all,
Hello Elefteria,
with the intermediate CA in the SSLCertificateChainFile the openssl s_client -connect ..., returns verify code: 0 (ok). The certificate chain reports two certificates, the server and the intermediate CA certificate with the correct issuers, while just after CONNECTED(0000004) I can see all the certificates in the chain included the root CA.
Beware: The certificate verify code in s_client has is still room for improvement. So s_client having an verify code 0 doesn't say that the certificate chain is correct and complete...
However I still cannot see the page with IE even though the root CA certificate is correctly imported. Mozilla works only if both root and intermediate certificates are imported.
??? Strange. I remember doing a verify test with an certificate chain with root and intermediate CA. And AFAIR Mozilla had no problem with only the root known. I think for chaining to work, the CA certificates must be version 3 certificates with basicConstrains- and keyUsage- extensions set. Could you send me the certificates ? Bye Goetz -- DMCA: The greed of the few outweighs the freedom of the many
smime.p7s
Description: S/MIME Cryptographic Signature