We have a setup where we have to use MIL CAC's to access our site. It currently works with SSLVerifyClient require and SSLVerifyDepth 10, but we want to limit what the users see to just of the certs that is presented. We tried changing the VerifyDepth to 1 and removed all the non-email certs in the ca-bundle.crt file. But the problem we get is it errors in the ssl_errors_log of AH02039: Certificate Verification: Error (20): unable to get local issuer. Googling this error says it's missing a intermediate cert. Tried to create by googling for instructions, but still get the same thing. The 2.4.6-45 is from CentOS 7 Has anyone been able to get this to work? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|