Re: How to make the browser download a chain of certificates

Sat, 03 Mar 2001 03:13:03 -0800 

Hi,

thanks for your answer. You mentioned problems with user certs running
apache in the described way below. Could you please go in more details?

Furthermore the described configuation makes the certs visible to the
browser for the complete chain. But I need to know if it is possible to
offer to the browser to import the root cert automatically> Is there a way
or do you have an idea how to manage this?

regards
        Harald

-------------------------------------------------------------------------------

     Dr. Harald Falkenberg         Deutsches Elektronensynchrotron (DESY)
                                   Notkestr. 85, 22603 Hamburg, Germany
     Phone: +49-40 8998-3753       Fax.: +49-40 8994-3753
     E-Mail: [EMAIL PROTECTED]

-------------------------------------------------------------------------------

On Fri, 23 Feb 2001, Tim Tassonis wrote:

> Hi Harard
> 
> > from the root CA to the web server certificate we have several levels.
> Is
> > there a way to offer the web browser all certificates in this chain,
> which
> > can than be saved in the browser certificate database in one gulp? 
> > 
> > I saw that there are directive in Apache to do this, but my first steps
> > went fail. If someone could give me a short description or example how
> to
> > do it, I would be very glad.
> 
> The directive is:
> 
> SSLCertificateChainFile    /opt/apache/conf/ssl.crt/server_chain.crt
> 
> It should contain the PEM encoded certificate chain of the CA that signed
> the server certificate one after the other (root, internediates). You
> don't have to pu the server certificate itself in it, this will be taken
> from
> 
> SSLCertificateFile    /opt/apache/conf/ssl.crt/server.crt
> 
> as usual.
> 
> This works very well until you start to do client authentication with the
> same CA, then you are more or less fucked.
> 
> Bye
> Tim
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to