​Have you tried setting the verify depth to 2? That way you hit the intermediate and root CA certs in the chain.
On Fri, 05/05/2017 01.58, Doug Maurer <d...@dmaurer.net> wrote: > We have a setup where we have to use MIL CAC's to access our site. It > currently works with SSLVerifyClient require and SSLVerifyDepth 10, but > we want to limit what the users see to just of the certs that is > presented. We tried changing the VerifyDepth to 1 and removed all the > non-email certs in the ca-bundle.crt file. But the problem we get is it > errors in the ssl_errors_log of AH02039: Certificate Verification: Error > (20): unable to get local issuer. Googling this error says it's missing a > intermediate cert. Tried to create by googling for instructions, but still > get the same thing. > > The 2.4.6-45 is from CentOS 7 > > Has anyone been able to get this to work? > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >