|
Hi there I have seven certificates in /etc/pki/tls/certs/ca-bundle.crt.soosnecessarios file I have also, the same seven certificates in /usr/local/apache2/conf/certs folder, with hashes and the symbolic links: lrwxrwxrwx 1 root root 15 Aug 4 11:01 37eda7b0.r0 -> ECAutCC0004.pem lrwxrwxrwx 1 root root 15 Aug 4 11:01 3abdb128.r0 -> ECAutCC0003.pem lrwxrwxrwx 1 root root 17 Aug 4 11:59 4d654d1d.r0 -> GTEGlobalroot.pem lrwxrwxrwx 1 root root 15 Aug 4 11:01 4ff0f19f.r0 -> ECAutCC0002.pem lrwxrwxrwx 1 root root 9 Aug 4 11:00 50434d39.r0 -> CC001.pem lrwxrwxrwx 1 root root 16 Aug 4 11:03 747d995c.r0 -> ECRaizEstado.pem lrwxrwxrwx 1 root root 15 Aug 4 11:01 a5a6af2d.r0 -> ECAutCC0001.pem -rw-r-xr-x 1 root root 2179 Aug 4 10:56 CC001.pem -rw-r-xr-x 1 root root 2496 Aug 4 10:56 ECAutCC0001.pem -rw-r-xr-x 1 root root 2496 Aug 4 10:56 ECAutCC0002.pem -rw-r-xr-x 1 root root 2496 Aug 4 10:56 ECAutCC0003.pem -rw-r-xr-x 1 root root 2500 Aug 4 10:56 ECAutCC0004.pem -rw-r-xr-x 1 root root 1976 Aug 4 10:56 ECRaizEstado.pem -rw-r-xr-x 1 root root 875 Aug 4 11:58 GTEGlobalroot.pem when I use SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt.soosnecessarios in http.conf and, just for testing, SSLVerifyDepth 1 i get this error in error_log when validating a client access [Thu Aug 05 09:38:11.350521 2010] [error] [pid 9328] [client 10.15.1.74:51725] Certificate Verification: Certificate Chain too long (chain has 4 certificates, but maximum allowed are only 1) ok, nice, so far no problems here BUT if i use SSLCACertificatePath /usr/local/apache2/conf/certs i get [Thu Aug 05 09:36:20.041698 2010] [error] [pid 9250] [client 10.15.1.74:51655] Certificate Verification: Certificate Chain too long (chain has 3 certificates, but maximum allowed are only 1) only 3 certificates in chain?? Where are the fourth one? Can somebody explain what Iam doing wrong? please? Thanks, Luis |
|