This one time, at band camp, Jamie Wilkinson wrote: >I'm wondering if anyone's encountered this before, whether anyone thinks >it's a mod_ssl bug or an openssl bug, or anything.
Ok, tried with openssl s_server and s_client, and that does the right thing. The relevant config lines look like: <IfModule mod_ssl.c> SSLEngine on SSLCertificateChainFile /etc/ssl/ComodoSecurityServicesCA.crt SSLCertificateFile /etc/ssl/site_crt SSLCertificateKeyFile /etc/ssl/site_key </IfModule> It seems like mod_ssl is ignoring the SSLCertificateChainFile -- though it *is* reading the file, filesystem access times are changing. But I've found a hackish fix: <IfModule mod_ssl.c> SSLEngine on #SSLCertificateChainFile /etc/ssl/ComodoSecurityServicesCA.crt SSLCACertificateFile /etc/ssl/ComodoSecurityServicesCA.crt SSLCertificateFile /etc/ssl/site_crt SSLCertificateKeyFile /etc/ssl/site_key </IfModule> That now sends the correct certificates and the cert can be verified back to the root cert. Anyone know if the config has changed for new versions of mod_ssl? -- [EMAIL PROTECTED] http://spacepants.org/jaq.gpg -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
