> I presume you're not trying to explicitly construct the server certificate
> chain that is being sent to the browser, together with the actual server
> cert?
This is what I'm trying to do. I'm trying to send all the certificates
in the chain (expect the root) to the browser. This includes my server
certificate and the intermediate certificate.
If you try https://www.motorweb.co.nz/ in IE (I'm using 5.0) and click
on the padlock, look at the Certification Path. You'll see there is the
Primary CA, the www.verisign.com Intermediate CA and then the
www.motorweb.co.nz certificate. IE contains the Primary and Intermediate
CA and so works fine. Other browsers don't contain the Intermediate CA
and so can't complete the chain.
I need to get mod_ssl to serve up the Intermediate CA, and that's what
SSLCertificateChainFile is supposed to do. But adding that into
httpd.conf causes mod_ssl to die on startup: "Failed to configure CA
certificate chain!"
regards,
Damon.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
