httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 44789] New: SSLCertificateChainFile doesn't send intermediate cert anymore
Date Wed, 09 Apr 2008 18:26:59 GMT

           Summary: SSLCertificateChainFile doesn't send intermediate cert
           Product: Apache httpd-2
           Version: 2.2.8
          Platform: PC
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_ssl

So I've been using a GoDaddy SSL certificate for my site for a couple
of years and it's stopped working ever since upgrading to 2.2.8 (I
think I was on 2.2.6 before). The issue seems to be that Apache doesn't
send the intermediate signing certificate to the client, which is necessary for
the client to validate my site certificate as signed by a trusted CA.

Basically my config looks like:

<VirtualHost *:443>
       DocumentRoot /var/www
       SSLEngine On
       SSLCipherSuite HIGH:MEDIUM
       SSLCertificateFile <path to cert>
       SSLCertificateKeyFile <path to key>
       SSLCertificateChainFile <path to GoDaddy intermediate cert>
</VirtualHost>

I've debugged with Wireshark & openssl s_client -showcerts and it's
correctly sending the ServerCertificate, but the certificate stored in
the intermediate is not sent, hence there's no trusted signing path.
Turning on debug logging, I do see:

[Tue Apr 08 12:33:30 2008] [debug] ssl_engine_init.c(664): Configuring
server certificate chain (1 CA certificate)

Which seems to indicate that it's loading the intermediate certificate file;
I'm at a loss beyond that.

Feel free to test
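
Added example (not part of the original bug report, and not Apache httpd code): a shell check that reads the "Certificate chain" section of openssl s_client output, as the reporter inspected by hand, and reports whether the server sent only a leaf certificate whose issuer is missing. check_sent_chain is a hypothetical helper name, and both sample outputs and their names (example.test, Example Intermediate CA, Example Root CA) are constructed.

```shell
# Live use (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -showcerts </dev/null 2>/dev/null | check_sent_chain

# check_sent_chain (hypothetical helper): reads s_client output on stdin, prints a verdict,
# returns non-zero if the sent certs do not link up or only a non-self-signed leaf was sent.
check_sent_chain() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && $0 == "---"    { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ { n++; sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; next }
        in_chain && /^ +i:/        { sub(/^ +i:/, ""); iss[n] = $0; next }
        END {
            if (n == 0) { print "no-certificates"; exit 2 }
            for (k = 1; k < n; k++)
                if (iss[k] != subj[k + 1]) { print "broken-link depth=" (k - 1); exit 1 }
            # A lone, non-self-signed leaf is the symptom described in this report.
            if (n == 1 && iss[1] != subj[1]) { print "leaf-only missing-issuer=" iss[1]; exit 1 }
            print "chain-sent certs=" n
        }'
}

sample_leaf_only() {            # constructed s_client output: intermediate not sent
cat <<'EOF'
---
Certificate chain
 0 s:/O=example.test/CN=example.test
   i:/C=US/O=Example CA/CN=Example Intermediate CA
-----BEGIN CERTIFICATE-----
(constructed sample, body omitted)
-----END CERTIFICATE-----
---
EOF
}

sample_with_intermediate() {    # constructed s_client output: leaf plus intermediate
cat <<'EOF'
---
Certificate chain
 0 s:/O=example.test/CN=example.test
   i:/C=US/O=Example CA/CN=Example Intermediate CA
 1 s:/C=US/O=Example CA/CN=Example Intermediate CA
   i:/C=US/O=Example CA/CN=Example Root CA
---
EOF
}

for s in sample_leaf_only sample_with_intermediate; do
    printf '%s: ' "$s"; "$s" | check_sent_chain || true
done
```

The verdict describes what the server sent, not whether a given client trusts it: a client that already holds the intermediate can still validate a leaf-only handshake.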
