httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44789] New: SSLCertificateChainFile doesn' t send intermediate cert anymore
Date Wed, 09 Apr 2008 18:26:59 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=44789

           Summary: SSLCertificateChainFile doesn't send intermediate cert
                    anymore
           Product: Apache httpd-2
           Version: 2.2.8
          Platform: PC
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: synfinatic@gmail.com


So I've been using a GoDaddy ssl certificate for my site for a couple
of years and it's stopped working ever since upgrading to 2.2.8 (I
think I was 2.2.6 before).  The issue seems to be that Apache doesn't
send the intermediate signing certificate to the client which is necessary for
the client to validate my site certificate as signed by a trusted CA.

Basically my config looks like:

<VirtualHost *:443>
       ServerName www.synfin.net
       DocumentRoot /var/www
       SSLEngine On
       SSLCipherSuite HIGH:MEDIUM
       SSLCertificateFile <path to cert>
       SSLCertificateKeyFile <path to key>
       SSLCertificateChainFile <path to GoDaddy intermediate cert>
</VirtualHost>

I've debugged with wireshark & openssl s_client -showcerts and it's
correctly sending the ServerCertificate, but the certificate stored in
the intermediate is not sent, hence there's no trusted signing path.
Turning on debug logging, I do see:

[Tue Apr 08 12:33:30 2008] [debug] ssl_engine_init.c(664): Configuring
server certificate chain (1 CA certificate)

Which seems to indicate that it's loading the intermediate certificate file,
but
I'm at a loss beyond that. 

Feel free to test https://www.synfin.net/


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message