Since I haven't gotten too much of a response yet (expect for thanks to
Juha) I'll post my VirtualHost in httpd.conf, which I probably should
have done in the first place.
If I uncomment the SSLCertificateChainFile line then the following
appears in the log and apache won't start...
"[error] mod_ssl: Init: (www.motorweb.co.nz:443) Failed to configure CA
certificate chain!"
I've copied my original message at the bottom of this one which contains
the contents of /etc/httpd/conf/ssl.crt/intermediate_ca.crt (as I got it
from Verisign's site).
I've seen this solution to the Global ID Intermediate CA problem
documented all over the web, but can't get it to work. There must be
somethng obviously wrong with what I've done.
yours in desperation,
Damon.
---------- VirtualHost ------------
ServerName www.motorweb.co.nz
SSLEngine on
# The following hopefully get around the MSIE 4.x and 5.0 SGC bug
# SSLCipherSuite
ALL:!ADH:!EXPORT56:!SSLv3+EXP:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
# The following defintely gets around the MSIE 4.x and 5.0 SGC bug but
SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
# SSLCertificateChainFile /etc/httpd/conf/ssl.crt/intermediate_ca.crt
# SSLLog /var/log/httpd/ssl_engine_log
# SSLLogLevel debug
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-------- Original Message --------
Subject: SSLCertificateChain file for Intermediate CA
Date: Thu, 17 May 2001 15:47:46 +1200
From: Damon Maria <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
I'm using a Verisign Global ID and therefore need to configure modssl to
serve up the Intermediate CA. I've followed the various instructions
I've found for this but with no success.
I downloaded the Intermediate CA and saved it under intermediate_ca.crt
(I've listed it at the bottom of this message). I then added...
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/intermediate_ca.crt
into my VirtualHost next to all the other SSL* settings. But if I start
Apache with this setting it reports...
[error] mod_ssl: Init: (www.motorweb.co.nz:443) Failed to configure CA
certificate chain!
I've tried SSLLogLevel debug but this doesn't produce any more
information.
I've been trying for ages and am getting desperate, can someone help me
out.
thanks in advance,
Damon Maria.
-----BEGIN CERTIFICATE-----
MIIEMTCCA5qgAwIBAgIQI2yXHivGDQv5dGDe8QjDwzANBgkqhkiG9w0BAQIFADBfMQswCQYD
VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi
bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTcwNDE3MDAwMDAwWhcN
MDQwMTA3MjM1OTU5WjCBujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUG
A1UECxMOVmVyaVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwg
U2VydmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5j
b3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEA2IKA6NYZAn0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLx
veqXQu2aNAoV1Klc9UAl3dkHwTKydWzEyruj/lYncUOqY/UwPpMo5frxCTvzt01OOfdcSVq4
wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1OcTzTnqwSye28CAwEAAaOCAZAwggGMMA8GA1Ud
EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIBBjAgBgNVHSUEGTAX
BgpghkgBhvhFAQgBBglghkgBhvhCBAEwggE1BgNVHSAEggEsMIIBKDCCASQGC2CGSAGG+EUB
BwEBMIIBEzAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzCB5gYI
KwYBBQUHAgIwgdkwFRYOVmVyaVNpZ24sIEluYy4wAwIBARqBv1ZlcmlTaWduJ3MgQ2VydGlm
aWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQsIHd3dy52ZXJpc2lnbi5jb20vQ1BTLCBnb3Zl
cm5zIHRoaXMgY2VydGlmaWNhdGUgJiBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNlIGhl
cmVpbi4gU09NRSBXQVJSQU5USUVTIERJU0NMQUlNRUQgJiBMSUFCSUxJVFkgTFRELiAoYykx
OTk3IFZlcmlTaWduMA0GCSqGSIb3DQEBAgUAA4GBALiMmMMrSPVyzWgNGrN0Y7uxWLaYRSLs
EY3HTjOLYlohJGyawEK0Rak6+2fwkb4YH9VIGZNrjcs3S4bmfZv9jHiZ/4PC/NlVBp4xZkZ9
G3hg9FXUbFXIaWJwfE22iQYFm8hDjswMKNXRjM1GUOMxlmaSESQeSltLZl5lVR5fN5qu
-----END CERTIFICATE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
