I have this setup, this should work... SSLCertificateFile /opt/DKBapache/conf/ssl.crt/server.crt SSLCertificateKeyFile /opt/DKBapache/conf/ssl.key/server.key SSLCACertificateFile /opt/DKBapache/conf/ssl.crt/CA.crt SSLVerifyClient require SSLVerifyDepth 2
The CA.crt file contains the Root and intermediate certs. These are also used at startup to make the server cert chain (our client and server certs have the same root, use SSLCertificateChainFile for the server chain if not). Make sure you you have the SSLVerifyDepth 2 line. Regards Matt --- Chris Covell <[EMAIL PROTECTED]> wrote: > Hello there Martial, > > many thanks for you quick reply. > > > We also have: root CA -> sub CA -> client or > server cert > > > > we have put the root and sub CA in a directory > pointed by: > > SSLCACertificatePath > > > > In seperate files ? > > > In this directory we have the attatched Makefile > that we run to make a > > hash of all CA and link the result of the hash > to eatch CA. > > > > This work fine whith apache 1.3.3x to the latest > 2.4. > > Did you use "SSLCertificateChainFile" in the > httpd.conf ? > > Chris... > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
