On Mon, 13 Sep 2010, Ashish Thapliyal wrote: > From the openssl s_client log it looks like the server is not sending the > whole certificate chain. You should be seeing something like: <root > cert> <intermediate cert> <your cert> > > I am not familiar with apache, but from the documentation at > http://www.apache-ssl.org/docs.html#SSLCACertificateFile, my guess is > that you have not added all the intermediate roots to the > CACertificatesFile
Thanks for the response. I'm pretty sure the web server is configured correctly. Before I added the CACertificatesFile directive, I was getting security errors from firefox/IE/et al; whereas after I added it web browsers seems to be working fine. Also, gnutls-client works correctly and lists the entire CA chain, which would also seem to indicate the server is supplying them. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | hen...@csupomona.edu California State Polytechnic University | Pomona CA 91768 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
