Carlos,

Make sure you delete your old intermediate.crt and copy down from the Verisign site the appropriate intermediate certificate.
I had to do this two days ago :-)

János

On Apr 7, 2010, at 10:47 AM, Carlos Mennens wrote:
I have Apache running on my RHEL 5.4 web server and when someone goes to my website, they get a scary warning that tells them my secure site isn't safe because it can't be validated by a CA. I contacted my CA (Verisign) today and was told that my web server (Apache) isn't properly rendering my 'intermediate' certificate. I clearly show Apache is properly displaying my public certificate and can read my private SSL key so I don't know why it's missing the SSLCACertificateFile entry from my httpd.conf file:

My entry looks as follows in 'httpd.conf':

    <VirtualHost *:443>
    DocumentRoot /var/www/html/int/main
    ServerName www.mydomain.tld:443
    ServerAdmin webmaster@xxxxxxxxxxxx
    ErrorLog /var/log/httpd/www.mydomain.tld-int-error_log
    TransferLog /var/log/httpd/www.mydomain.tld-int-access_log

    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on

    #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile /etc/httpd/conf/ssl/www.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl/www.key
    SSLCACertificateFile /etc/httpd/conf/ssl/intermediate.crt

Now I'm starting to look around and noticed I also have a /etc/httpd/conf.d/ssl.conf file and it too has a section to list SSL parameter/path. I am wondering if I need to also add my SSL www.crt, www.key, and intermediate.crt in the 'ssl.conf' file also? Or could it simply be that Apache doesn't have permissions to properly render the 'intermediate.crt', which makes no sense to me since it can see the www.crt & www.key fine and they all have the same permissions:

    [root@ideweb1 ssl]# ls -la
    total 24
    dr-------- 2 root root 4096 Mar 26 14:36 .
    drwxr-xr-x 3 root root 4096 Apr  7 10:46 ..
    -r-------- 1 root root 1659 Jul 21  2009 intermediate.crt
    -r-------- 1 root root 1936 Mar 26 14:36 www.crt
    -r-------- 1 root root  887 Feb 11  2009 www.key
    -r-------- 1 root root 1931 Mar 26 14:36 www.orig

Please help me understand this...

-Carlos

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
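
Added example, not part of the original thread: a shell check, using the openssl CLI, that an intermediate file actually issued a server certificate, which is the condition an outdated intermediate.crt fails. The certificates are constructed throwaway test data, and the function names make_demo_chain and intermediate_matches are hypothetical.

```shell
#!/bin/sh
# Added example. All certificates are constructed throwaway test data.

# Build root -> intermediate -> www chain plus an unrelated "stale"
# intermediate (same root, different key and name) in directory $1.
make_demo_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
    for name in intermediate stale; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo $name CA" \
            -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$name.csr" -CA "$d/root.crt" \
            -CAkey "$d/root.key" -CAcreateserial -days 2 \
            -extfile "$d/ca.ext" -out "$d/$name.crt" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.mydomain.tld" \
        -keyout "$d/www.key" -out "$d/www.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/www.csr" -CA "$d/intermediate.crt" \
        -CAkey "$d/intermediate.key" -CAcreateserial -days 2 \
        -out "$d/www.crt" 2>/dev/null
}

# Exit 0 only if server cert $1 names intermediate $2 as its issuer AND $1
# verifies up to root $3 with $2 as the only intermediate offered.
intermediate_matches() {
    issuer=$(openssl x509 -noout -issuer -in "$1" | sed 's/^issuer= *//')
    subject=$(openssl x509 -noout -subject -in "$2" | sed 's/^subject= *//')
    [ "$issuer" = "$subject" ] || return 1
    openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
}

# Demo run on the constructed chain.
demo=$(mktemp -d) && make_demo_chain "$demo" || exit 1
for f in intermediate stale; do
    if intermediate_matches "$demo/www.crt" "$demo/$f.crt" "$demo/root.crt"
    then echo "$f.crt: issued www.crt, chain verifies"
    else echo "$f.crt: did not issue www.crt"
    fi
done
rm -rf "$demo"
```

On a real server, the three arguments to intermediate_matches would be the deployed www.crt, the intermediate.crt on disk, and the CA's root certificate.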