"Ralf S. Engelschall" wrote:
> I think that's because NS 4.5 doesn't allow you to choose a certificate unless
> mod_ssl sends the list of accepted CA's and mod_ssl cannot send it unless you
> configure the CA with SSLCACertificatePath or SSLCACertificateFile. So, for
> instance put the Versign certificate which signed your _client_ cert into the
> ssl.crt dir.
Hmm. I had SSLCACertificatePath and SSLCACertificateFile pointing to a
CA certificate I made myself with openssl. I changed these to point to
the
mod_ssl ssl.crt directory and ssl_crt/ca-bundle.crt, respectively, and,
as
you say, netscape was able to give my personal certificate to the
mod_ssl
server. OK, I've always wondered what that CA bundle business was for.
What I'd really like is to have the server recongize the well known CAs,
plus any I create myself. Is there a way to add CA certificates to the
CA bundle?
--
Larry Mulcahy [EMAIL PROTECTED]
http://babylon5.spaceimaging.com/
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
