Re: Cannot get certificate chain to work.

On 10/06/14 22:26, Daniel wrote:
I found myself in a similar situation and I couldn't find the reason but I did find a workaround.

To work around this, make a pkcs12 file with all files in it, your private key and the whole chain up until the root CA certificate, then extract them back out from that pkcs12, using the extracted files.

My similar issue happened when I was generating the key and csr with openssl and someone else was signing my request with another software, all modulus matched, everything, but still for browsers the chain was not correctly constructed. I worked around it with the method I mentioned before.

Until someone can tell you what may really be happening this may be worth a try for you.

Good luck.

2014-10-06 17:51 GMT+02:00 dE <de.techno@xxxxxxxxx>:
Hi.

I'm in a situation where I got 3 certificates

server.pem -- the end user certificate which is sent by the server to the client.
intermediate.pem -- server.pem is signed by intermediate.pem's private key.
issuer.pem -- intermediate.pem is signed by issuer.pem's private key.

combined.pem is created by --

cat server.pem intermediate.pem > combined.pem

Issuer.pem is installed in the web browser.

The chain is working, I can verify this via the SSL command --

cat intermediate.pem issuer.pem > cert_bundle.pem
openssl verify -CAfile cert_bundle.pem server.pem
server.pem: OK

However the browsers (FF, Chrome, Konqueror and wget) fail authentication, claiming there are no certificates to verify server.pem's signature.

I'm using Apache 2.4.10 with the following --

SSLCertificateFile /tmp/combined.pem
SSLCertificateKeyFile /tmp/server.key

I can attach *.pem if you want.

Thanks for any assistance.

I used the following command to create the bundle --

openssl pkcs12 -export -in server.pem -inkey server.key -in intermediate.pem -inkey intermediate.key -out bundle.p12 -name bundle -CAfile issuer.pem -caname issuer -chain

To extract --

openssl pkcs12 -in ../bundle.p12 -out all_combined.pem -nodes

But, when using all_combined.pem as SSLCertificateFile, I get --

[Tue Oct 07 14:50:12.760273 2014] [ssl:emerg] [pid 8357:tid 140531695941504] AH02565: Certificate and private key httpd:443:0 from /home/all_combined.pem and /homecertificate_chaining_test/server.key do not match
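
Two checks that can be run on combined.pem or all_combined.pem before pointing SSLCertificateFile at it (an added example, not part of the original messages): whether the first certificate in the file belongs to the key given as SSLCertificateKeyFile, which is the condition AH02565 reports, and whether the certificates are ordered leaf first, each followed by its issuer. The function names are made up for this example; only standard openssl subcommands are used.

```shell
#!/bin/sh
# Added example: sanity checks for a PEM file used as SSLCertificateFile.
# Function names are hypothetical, not from the thread or from Apache.

# Succeeds if the FIRST certificate in bundle $1 carries the public key
# that belongs to the private key in $2.
first_cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Prints subject/issuer of every certificate in bundle $1, in file order.
list_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -noout | grep -E '^(subject|issuer)='
}

# Succeeds if each certificate's issuer equals the subject of the certificate
# that follows it (leaf first, then the CA that signed it, and so on).
chain_in_order() {
    list_chain "$1" | awk '
        /^subject=/ { s = substr($0, 9); if (n++ && s != issuer) bad = 1 }
        /^issuer=/  { issuer = substr($0, 8) }
        END { exit (bad || n == 0) }'
}

# Usage: sh check_bundle.sh combined.pem server.key
if [ "$#" -eq 2 ]; then
    list_chain "$1"
    first_cert_matches_key "$1" "$2" || echo "first certificate does not match $2"
    chain_in_order "$1" || echo "certificates are not ordered leaf -> issuer"
fi
```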
