ok, running mod_ssl 2.8.1 and apache 1.3.19, made my own CA for the server and can connect via 443 with no problems. wanting to do plain certificate authentication via a client certificate, so in did: openssl pkcs12 -export -in /usr/local/apache/conf/ssl.crt/ca.crt -inkey /usr/local/apache/conf/ssl.key/ca.key -out file.p12 -name "my certificate" and loaded this "client certificate" in the client browser......having changed the httpd.conf to require SSLVerifyClient with a depth of 1 and the SSLCertificateFile set to conf/ssl.crt/ca.crt..... and I get this in the logs/ssl_engine_log file: [08/Mar/2001 12:43:57 02392] [error] SSL handshake failed (server xxx.xxx.com:443, client xxx.xxx.xxx.xxx) (OpenSSL library error follows) [08/Mar/2001 12:43:57 02392] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?] any ideas/advise as to which rabbit hole I should follow? -- william f guyton jr senior network engineer INFORMS 334.277.0372 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]