Hello,

I have the following certificate structure:

    caroot (self-signed cert)
      |-----------------> ca1 -------------> user1
      |-----------------> ca2 -------------> user2
      |-----------------> ca3 -------------> server
      \-----------------> user3

    user4 (self-signed cert)

I want to give access to users with a valid certificate, and deny access to others. In this situation, a valid certificate is a certificate issued by ca1. Then, only user1 is authorized to access pages from Apache; user2 and user3 must be refused. From what I've understood, there is no way to deny access to user4, as it has a self-signed certificate.

In short, here is my config:

    SSLCertificateFile server.pem
    SSLCertificateKeyFile server.key
    SSLCertificateChainFile caroot-ca3.pem
    SSLCACertificateFile ca1.pem
    SSLVerifyClient require
    SSLVerifyDepth 1

When I try to access a protected resource with Firefox, where the certificate from user1 has been imported, I get the following:

    [error] Certificate Verification: Error (20): unable to get local issuer certificate
    [info] SSL library error 1 in handshake
    [info] SSL Library Error: 336105650 error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

Can anyone highlight my mistakes please? I really need to get it working.

Thanks!
--
Julien ALLANOS

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
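Added example, not part of the original message or of the Apache project: a shell script that rebuilds the hierarchy from the post with throwaway certificates and uses OpenSSL's `openssl verify` to check which client certificates validate when the trust file holds ca1 alone, ca1 with `-partial_chain`, or caroot plus ca1. It assumes the OpenSSL command-line tool; all keys, subject names and file names are constructed, and it exercises OpenSSL chain building only, not Apache itself.

```shell
#!/bin/sh
# Added example: throwaway PKI mirroring the hierarchy in the post.
# Every key, certificate and file name below is constructed sample data.
D=$(mktemp -d)
printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$D/cnf"

key() { openssl ecparam -name prime256v1 -genkey -noout -out "$D/$1.key"; }

# issue <name> <issuer> [ca]: certificate for <name> signed by <issuer>;
# a third argument marks the new certificate as a CA.
issue() {
  key "$1"
  openssl req -config "$D/cnf" -new -key "$D/$1.key" -subj "/CN=$1" -out "$D/$1.csr"
  ext=""
  if [ -n "$3" ]; then ext="-extfile $D/cnf -extensions ca"; fi
  openssl x509 -req -in "$D/$1.csr" -CA "$D/$2.pem" -CAkey "$D/$2.key" \
    -CAcreateserial -days 2 $ext -out "$D/$1.pem" 2>/dev/null
}

build_pki() {
  key caroot
  openssl req -config "$D/cnf" -x509 -new -key "$D/caroot.key" -subj /CN=caroot \
    -extensions ca -days 2 -out "$D/caroot.pem"
  key user4
  openssl req -config "$D/cnf" -x509 -new -key "$D/user4.key" -subj /CN=user4 \
    -days 2 -out "$D/user4.pem"
  for ca in ca1 ca2 ca3; do issue "$ca" caroot ca; done
  issue user1 ca1; issue user2 ca2; issue server ca3; issue user3 caroot
  cat "$D/caroot.pem" "$D/ca1.pem" > "$D/root+ca1.pem"
}

# accepted <trust-file> <leaf> [verify options]: true if <leaf> verifies
# against the trust anchors in <trust-file>.
accepted() {
  store=$1; leaf=$2; shift 2
  openssl verify "$@" -CAfile "$D/$store" "$D/$leaf.pem" 2>/dev/null | grep -q ': OK$'
}

build_pki
for u in user1 user2 user3 user4; do
  a=reject; b=reject; c=reject
  accepted ca1.pem "$u" && a=accept
  accepted ca1.pem "$u" -partial_chain && b=accept
  accepted root+ca1.pem "$u" && c=accept
  echo "$u: ca1-only=$a ca1+partial_chain=$b caroot+ca1=$c"
done
# A client that also presents its intermediate (ca2) chains to the trusted root.
accepted root+ca1.pem user2 -untrusted "$D/ca2.pem" && echo "user2 + ca2: caroot+ca1=accept"
```

With caroot in the trust file, user3 verifies, and so does user2 once ca2 is presented alongside it, so restricting access to ca1-issued certificates then needs a separate check on the client certificate's issuer.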