Hello AllThough I did not get any response for my question, having already resolved it, I thought it will be a good idea to post it.
I was missing the following: Should have used SSLProxyVerifyDepth 4 instead of SSLVerifyDepth 4 Now it's all good. HTH Aman Raheja http://www.techquotes.com Aman Raheja wrote:
1. apache 2.0.54 on Sol 8 2. I have the following in a vhost used for client auth proxy SSLProxyEngine On SSLVerifyDepth 4 SSLProxyVerify require SSLProxyCACertificateFile "/usr/local/apache/server2/ssl/CA.pem"SSLProxyMachineCertificateFile "/usr/local/apache/server2/ssl/client.pem"3. When I run the following on command lineopenssl s_client -connect >servername>:443 -cert /usr/local/apache/server2/ssl/client.pem -CAfile /usr/local/apache/server2/ssl/CA.pemI get, in the last line Verify return code: 0 (ok) which verifies my certs.4. But through the browser I get Internal Server Error and in the error log[Mon Jun 06 13:58:39 2005] [error] Certificate Verification: Certificate Chain too long (chain has 4 certificates, but maximum allowed are only 1)5. Now, my CA has a chain of 4 certs and I have specified the SSLVerifyDepth in the config to be 4.What's missing? TIAAman
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|