On your demand I've today comitted a previously implemented SSLCertificateChainFile directive already for mod_ssl 2.3.6 (instead of 2.4.0 for which it was originally thought). This directive can point to a file containing the concatenation of PEM encoded CA certificates which explicitly form the server certificate chain. This is intended for instance for the Global-ID situation where one _has_ to send the intermediate CA of Verisign with the GID of the server while one wants to avoid that under client authentication all clients issued by this CA are accepted (which would happen when one references the CA cert via SSLCACertificatePath or SSLCACertificateFile instead of SSLCertificateChainFile). It will be released with mod_ssl 2.3.6 the next time (I don't know when), but is already available through the snapshot versions. So when you're using Global-IDs or have a similar situation where you want to explicitly construct the server certificate chain you should now evaluate this new facility. For this please grab ftp://ftp.modssl.org/snapshot/mod_ssl-SNAP-19990623.tar.gz or newer and try it out. Greetings, Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]