Re: MIL CAC and mod_ssl for httpd 2.4.6 (Apache Users)

Re: MIL CAC and mod_ssl for httpd 2.4.6

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: users@xxxxxxxxxxxxxxxx

Subject: Re: MIL CAC and mod_ssl for httpd 2.4.6

From: rwebb <rwebb@xxxxxxxxxxxx>

Date: Fri, 5 May 2017 08:02:15 -0400

Cc: users@xxxxxxxxxxxxxxxx

Importance: Normal

In-reply-to: <3dcef166-fb26-6b8a-d05a-e92a59bf3db0@dmaurer.net>

Reply-to: users@xxxxxxxxxxxxxxxx

Reply-to: rwebb <rwebb@xxxxxxxxxxxx>

Have you tried setting the verify depth to 2? That way you hit the intermediate and root CA certs in the chain.

On Fri, 05/05/2017 01.58, Doug Maurer <doug@xxxxxxxxxxx> wrote:

We have a setup where we have to use MIL CAC's to access our site. It
currently works with SSLVerifyClient require and SSLVerifyDepth 10, but
we want to limit what the users see to just of the certs that is
presented. We tried changing the VerifyDepth to 1 and removed all the
non-email certs in the ca-bundle.crt file. But the problem we get is it
errors in the ssl_errors_log of AH02039: Certificate Verification: Error
(20): unable to get local issuer. Googling this error says it's missing a
intermediate cert. Tried to create by googling for instructions, but still
get the same thing.

The 2.4.6-45 is from CentOS 7

Has anyone been able to get this to work?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx