Re: Intermediate Certificate chaining problem?

[Evan Dillon]

I see that I have made a mistake in my configuration and corrected it, however now apache won't start in ssl mode: the ssl_engine_log shows the error "Failed to configure CA certificate chain!" Any ideas? A search for the string "Failed to configure CA certificate chain!" doesn't return much that is helpful

 

I changed

 

SSLCACertificateFile    conf/ssl.crt/ca.crt

 

to

 

SSLCertificateChainFile conf/ssl.crt/ca.crt

 

I have also installed the latest version of openssl

 

However, when starting apache this time around, the ssl_engin_log states:

[18/Nov/2002 16:36:39 09640] [info]  Server: Apache/1.3.27, Interface: mod_ssl/2.8.12, Library: OpenSSL/0.9.6g
...

[18/Nov/2002 16:36:39 09641] [info]  Init: (www.hr.utah.edu:443) RSA server certificate enables Server Gated Cryptography (SGC)
[18/Nov/2002 16:36:39 09641] [error] Init: (www.hr.utah.edu:443) Failed to configure CA certificate chain!

Thanks

 

Evan

>>> [EMAIL PROTECTED] 11/18/02 03:05PM >>>
On Monday 18 November 2002 02:59 pm, Ed Loehr wrote:
> > SSLCACertificateFile    conf/ssl.crt/ca.crt
>
> You didn't say but did you add the SSLCertificateChainFile
> directive to point to the intermediate ca.crt?
>
> BTW, 0.9.6e may have security issues, not sure.  There are 2 newer
> releases.

I'm not sure you need the SSLCACertificateFile directive.  The
default may point to a bundle of CA certs provided with the
distribution.

Regards,
Ed
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]