Pardon my posting these questions, but I did not see this addressed in any FAQs or HOWtos. I am having difficulty installing my CA signed certificates. I am not sure if the problem lies with the certificate itself or the root and chain certificates that also need to be installed. If it is the root and chain certificates then I need advice on combining these files ( I have 2 roots and 5 chains) or referencing all these files in the "httpd.conf" file.
The errors I receive in the SSL engine log are as follows: [07/Feb/2002 16:34:41 15385] [error] Init: (rwsidb002:443) Unable to configure v erify locations for client authentication (OpenSSL library error follows) [07/Feb/2002 16:34:41 15385] [error] OpenSSL: error:0D0A2007:asn1 encoding routi nes:d2i_X509_CINF:expecting an asn1 sequence [07/Feb/2002 16:34:41 15385] [error] OpenSSL: error:0D09F004:asn1 encoding routi nes:d2i_X509:nested asn1 error [07/Feb/2002 16:34:41 15385] [error] OpenSSL: error:0907400D:PEM routines:PEM_X5 09_INFO_read_bio:ASN1 lib [07/Feb/2002 16:34:41 15385] [error] OpenSSL: error:0B084009:x509 certificate ro utines:X509_load_cert_crl_file:missing asn1 eos The httpd daemon will not start when processing this certifcate. Is this the kind of problem seen if one is missing a chain certificate?? I have one of my root certificates installed but I'm not sure how to reference multiple chain files or multiple roots. For example, this section from the httpd.conf file reads: # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /u001/oracle/ui9ias/Apache/Apache/conf/ssl.crt/rootcace rt.crt It seems to imply only one certificate chain file can be referenced. If more than one chain files exists, they should be concatenated. If that is correct, what is the correct procedure for concatenation? Do you merely cut and paste all the chains together leaving intact the begin and end certificate header and tails for each file? Robert Clista Wright Research Site/Northrop Grumman Tel: (937) 255-4423 Fax: (937) 656-4308 [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
