So I've been using a GoDaddy ssl certificate for my site for a couple
of years and it's stopped working ever since upgrading to 2.2.8 (I
think I was 2.2.6 before).  The issue seems to be that Apache doesn't
send the intermediate signing certificate to the client.

Basically my config looks like:

<VirtualHost *:443>
        DocumentRoot /var/www
        SSLEngine On
        SSLCipherSuite HIGH:MEDIUM
        SSLCertificateFile /opt/local/etc/
        SSLCertificateKeyFile /opt/local/etc/
        SSLCertificateChainFile /opt/local/etc/

I've debugged with wireshark & openssl s_client -showcerts and it's
correctly sending the ServerCertificate, but the certificate stored in
sf_issuing.crt is not sent, hence there's no trusted signing path.
Turning on debug logging, I do see:

[Tue Apr 08 12:33:30 2008] [debug] ssl_engine_init.c(664): Configuring
server certificate chain (1 CA certificate)

Which seems to indicate that it's loading he sf_issuing.crt file, but
I'm at a loss beyond that.  Any ideas/suggestions?


Aaron Turner - Pcap editing & replay tools for Unix
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to