hi - when using certificate authentication for clients, does the certificate in the approved SSLCACertificatePath (or List) have to be a self-signed certificate? i would like to be able to explicitly trust specific, intermediate CAs, instead of the root CA and every intermediate CA that root CA signs. i tried setting SSLVerifyDepth to 1, and put the intermediate CA's cert in the appropriate path, but the only way apache seems to accept a client certificate is if the depth reaches the root cert, and the root cert is in the path. if this is working as intended, can someone (me?) add a note to the documentation saying that (unless it was supposed to be intuitively obvious to the casual observer). if not, what pitfalls might i have stumbled into? thanks in advance, barret
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
|