Re: Cannot get certificate chain to work.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/07/14 18:12, Igor Cicimov wrote:


On Tue, Oct 7, 2014 at 2:51 AM, dE <de.techno@xxxxxxxxx> wrote:
Hi.

I'm in a situation where I got 3 certificates

server.pem -- the end user certificate which's sent by the server to the client.
intermediate.pem -- server.pem is signed by intermediate.pem's private key.
issuer.pem -- intermediate.pem is signed by issuer.pem's private key.

combined.pem is created by --

cat server.pem intermediate.pem > combined.pem

Issuer.pem is installed in the web browser.

The chain is working, I can verify this via the SSL command --

cat intermediate.pem issuer.pem > cert_bundle.pem
openssl verify -CAfile cert_bundle.pem server.pem
server.pem: OK

However the browsers (FF, Chrome, Konqueror and wget) fail authentication, claiming there are no certificates to verity server.pem's signature.

I'm using Apache 2.4.10 with the following --

SSLCertificateFile /tmp/combined.pem
SSLCertificateKeyFile /tmp/server.key


Try this:

$ cat issuer.pem intermediate.pem > CA_chain.pem

  SSLCertificateFile server.pem
  SSLCertificateKeyFile server.key
  SSLCertificateChainFile CA_chain.pem


Tried this on Apache 2.2 (SSLCertificateChainFile does not work with 2.4) with the same issue.
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux