> Guys, > > > That's correct. We are using Apache authentication with three CA levels > > and it works. So it is definitly possible. > > Many thanks for the help. I have got this going on the pair of test CAs > (Root and sub). I knew I was not doing anything wrong in the configuration. > My only problem now is to work out what is wrong with the root CA > certificate in the other environment... >
I think I have found where the problem is. I set extended key usage fields in the CA extensions (server autnetication and secure email). This is the only difference I can see betweek certs that enable client authentication and certs that don't ! I did this so that the "Certificates Intended purposes" was visible in IE. But it seems like this was a bad move ! Thanks for the help guys. Chris... ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
