Hello All
Though I did not get any response for my question, having already
resolved it, I thought it will be a good idea to post it.
I was missing the following:
Should have used SSLProxyVerifyDepth 4 instead of SSLVerifyDepth 4
Now it's all good.
HTH
Aman Raheja
http://www.techquotes.com
Aman Raheja wrote:
1. apache 2.0.54 on Sol 8
2. I have the following in a vhost used for client auth proxy
SSLProxyEngine On
SSLVerifyDepth 4
SSLProxyVerify require
SSLProxyCACertificateFile "/usr/local/apache/server2/ssl/CA.pem"
SSLProxyMachineCertificateFile
"/usr/local/apache/server2/ssl/client.pem"
3. When I run the following on command line
openssl s_client -connect >servername>:443 -cert
/usr/local/apache/server2/ssl/client.pem -CAfile
/usr/local/apache/server2/ssl/CA.pem
I get, in the last line
Verify return code: 0 (ok)
which verifies my certs.
4. But through the browser I get Internal Server Error and in the
error log
[Mon Jun 06 13:58:39 2005] [error] Certificate Verification:
Certificate Chain too long (chain has 4 certificates, but maximum
allowed are only 1)
5. Now, my CA has a chain of 4 certs and I have specified the
SSLVerifyDepth in the config to be 4.
What's missing?
TIA
Aman
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]