On Nov 30, 2006, at 9:43 AM, Mailing Lists wrote:
I did everything that godaddy/starfield said I needed to do. I downloaded the intermediate certificate and here is the entry in my ssl.conf file: I am using apache 2, on RedHat 9.
The problem is that your server is not sending the intermediate certificate. This means your browser cannot make the connection between the cert your server presents and the CA Certificate your browser has.
Try connecting to your server using openssl s_client -showcerts - connect www.piercebroscoffee.com:443 , and compare that to the same command directed at either godaddy.com:443 or issues.apache.org:443.
SSLCertificateFile /etc/httpd/conf/ssl.crt/ piercebroscoffee.com.crtSSLCertificateKeyFile /etc/httpd/conf/ssl.key/piercebroscoffee.com.key SSLCertificateChainFile /etc/httpd/conf/ssl.crt/sf_issuing.crt
The weird thing is that your configuration is exactly right. The ASF also has certificates from Godaddy, and we have exactly the same configuration down to the chain cert filename. Did you restart your server after you added the SSLCErtificateChainFile directive? Try a full stop-start perhaps?
Of course we're running httpd 2.2.3, but I can't imagine that this was broken in 2.0.40... this is fairly fundamental to server functionality and I figure either we or Red Hat would have fixed such an issue fortwith.
S. -- sctemme@xxxxxxxxxx http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Attachment:
smime.p7s
Description: S/MIME cryptographic signature