On Tue, Oct 7, 2014 at 2:51 AM, dE <de.tec...@gmail.com> wrote: > Hi. > > I'm in a situation where I got 3 certificates > > server.pem -- the end user certificate which's sent by the server to the > client. > intermediate.pem -- server.pem is signed by intermediate.pem's private key. > issuer.pem -- intermediate.pem is signed by issuer.pem's private key. > > combined.pem is created by -- > > cat server.pem intermediate.pem > combined.pem > > Issuer.pem is installed in the web browser. > > The chain is working, I can verify this via the SSL command -- > > cat intermediate.pem issuer.pem > cert_bundle.pem > openssl verify -CAfile cert_bundle.pem server.pem > server.pem: OK > > However the browsers (FF, Chrome, Konqueror and wget) fail authentication, > claiming there are no certificates to verity server.pem's signature. > > I'm using Apache 2.4.10 with the following -- > > SSLCertificateFile /tmp/combined.pem > SSLCertificateKeyFile /tmp/server.key > > Try this:
$ cat issuer.pem intermediate.pem > CA_chain.pem SSLCertificateFile server.pem SSLCertificateKeyFile server.key SSLCertificateChainFile CA_chain.pem
