On 10/07/14 18:12, Igor Cicimov wrote:
On Tue, Oct 7, 2014 at 2:51 AM, dE <[email protected] <mailto:[email protected]>> wrote:Hi. I'm in a situation where I got 3 certificates server.pem -- the end user certificate which's sent by the server to the client. intermediate.pem -- server.pem is signed by intermediate.pem's private key. issuer.pem -- intermediate.pem is signed by issuer.pem's private key. combined.pem is created by -- cat server.pem intermediate.pem > combined.pem Issuer.pem is installed in the web browser. The chain is working, I can verify this via the SSL command -- cat intermediate.pem issuer.pem > cert_bundle.pem openssl verify -CAfile cert_bundle.pem server.pem server.pem: OK However the browsers (FF, Chrome, Konqueror and wget) fail authentication, claiming there are no certificates to verity server.pem's signature. I'm using Apache 2.4.10 with the following -- SSLCertificateFile /tmp/combined.pem SSLCertificateKeyFile /tmp/server.key Try this: $ cat issuer.pem intermediate.pem > CA_chain.pem SSLCertificateFile server.pem SSLCertificateKeyFile server.key SSLCertificateChainFile CA_chain.pem
Tried this on Apache 2.2 (SSLCertificateChainFile does not work with 2.4) with the same issue.
