Full_Name: Marinus Damm
Version: 2.0.13
OS: Linux
Submission from: blv-proxy-05.boeing.com (12.13.226.15)


httpd.conf has:
------------------------
SSLEnable
SSLRequireSSL

SSLCACertificateFile    /usr/local/apache/etc/ssl.crt/ca-cert.crt
SSLVerifyClient         require
SSLVerifyDepth          2
------------------------
and Apache will verify client certs and allow access. ca-cert.crt has 
ONLY one issuer's certificate. (Only that issuer is to be trusted.)

If I reduce the SSLVerifyDepth to 1 or 0, make no other changes, and
restart Apache, access fails with "Server could not verify your 
certificate."

My understanding is that if I have the signing cert of the CA I wish
to trust, I can use a depth of 0 (meaning that clients' certificates
must be signed by the trusted CA directly). Am I confused?

______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
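
How the SSLVerifyDepth limit in the configuration above is counted, as an added example that is not part of the original post and is not mod_ssl code: a Python model of the rule in the mod_ssl documentation, where the client certificate sits at depth 0 and each issuer above it adds one. The certificate names and helper functions are constructed for illustration.

```python
# Model of the SSLVerifyDepth rule as documented for mod_ssl (an assumption of
# this sketch, not mod_ssl source): the client certificate is at depth 0, each
# issuer above it adds 1, and any certificate deeper than the limit is rejected.

# Constructed sample certificates: subject -> issuer (self-signed when equal).
CERTS = {
    "Example Root CA": "Example Root CA",
    "Example Issuing CA": "Example Root CA",
    "alice (signed by root)": "Example Root CA",
    "bob (signed by issuing CA)": "Example Issuing CA",
    "carol (self-signed)": "carol (self-signed)",
}


def build_chain(leaf, trusted):
    """Walk issuer links from the leaf up to the first trusted certificate."""
    chain, current = [leaf], leaf
    while current not in trusted:
        issuer = CERTS.get(current)
        if issuer is None or issuer == current or issuer in chain:
            return None  # unknown issuer, untrusted self-signed cert, or loop
        chain.append(issuer)
        current = issuer
    return chain


def verify(leaf, trusted, verify_depth):
    """Return (ok, reason) for a client certificate under a depth limit."""
    chain = build_chain(leaf, trusted)
    if chain is None:
        return False, "no path to a trusted certificate"
    for depth, subject in enumerate(chain):
        if depth > verify_depth:
            return False, f"chain too long: {subject!r} is at depth {depth}"
    return True, f"ok, deepest certificate at depth {len(chain) - 1}"


def required_depth(leaf, trusted):
    """Smallest SSLVerifyDepth value that accepts this certificate."""
    chain = build_chain(leaf, trusted)
    return None if chain is None else len(chain) - 1


if __name__ == "__main__":
    trusted = {"Example Root CA"}  # stands in for SSLCACertificateFile
    for leaf in ("alice (signed by root)", "bob (signed by issuing CA)"):
        for limit in (0, 1, 2):
            print(leaf, limit, verify(leaf, trusted, limit))
```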
