I don't think that you can have several SLCACertificateFile options and that all of then well be used by Apache. Try to use SSLCACertificatePath instead. See documentation on ssl_mod for instructions on how to correctly put CA certs into that directory. On Wed, Apr 9, 2008 at 8:43 AM, Christopher Ljungblad <christopher.ljungblad@xxxxxxxxx> wrote: > Hi, > > I am having problems with a client certification, having two certificates > (root and intermediate) as you can see below. > > When I try to sign this certificate I get this error: > > [Wed Apr 09 15:53:35 2008] [error] Certificate Verification: Error (2): > unable to get issuer certificate > [Wed Apr 09 15:53:35 2008] [error] Re-negotiation handshake failed: Not > accepted by client!? > > > In my conf.d/ssl.conf file I have configured the following. > I think this is where I do things wrong? > > <Location /servlets/*> > SSLVerifyClient require > SSLVerifyDepth 2 > SSLCACertificateFile > /etc/pki/tls/certs/xxx_e-legitimation_Root_CA_v.cer > SSLCACertificateFile /etc/pki/tls/certs/xxx_Inter_Root_CA_v.cer > </Location> > > (I did exactly the same thing with another client certificate that only had > one certificate and that worked fine), so this is the only difference in > configuration I have done and that is why I dont include all the other > configuration. > > Any suggenstions? > > Thanks > > Cheers > Chris -- Serge Dubrouski. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|