From: bugzilla@apache.org
To: bugs@httpd.apache.org
Subject: DO NOT REPLY [Bug 44789] New: SSLCertificateChainFile doesn't send intermediate cert anymore
Date: Wed, 9 Apr 2008 11:26:59 -0700 (PDT)

https://issues.apache.org/bugzilla/show_bug.cgi?id=44789

           Summary: SSLCertificateChainFile doesn't send intermediate cert anymore
           Product: Apache httpd-2
           Version: 2.2.8
          Platform: PC
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: synfinatic@gmail.com

So I've been using a GoDaddy ssl certificate for my site for a couple of years and it's stopped working ever since upgrading to 2.2.8 (I think I was 2.2.6 before).

The issue seems to be that Apache doesn't send the intermediate signing certificate to the client which is necessary for the client to validate my site certificate as signed by a trusted CA.

Basically my config looks like:

    ServerName www.synfin.net
    DocumentRoot /var/www
    SSLEngine On
    SSLCipherSuite HIGH:MEDIUM
    SSLCertificateFile
    SSLCertificateKeyFile
    SSLCertificateChainFile

I've debugged with wireshark & openssl s_client -showcerts and it's correctly sending the ServerCertificate, but the certificate stored in the intermediate is not sent, hence there's no trusted signing path.

Turning on debug logging, I do see:

    [Tue Apr 08 12:33:30 2008] [debug] ssl_engine_init.c(664): Configuring server certificate chain (1 CA certificate)

Which seems to indicate that it's loading the intermediate certificate file, but I'm at a loss beyond that.

Feel free to test https://www.synfin.net/
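The check the report describes doing by eye with openssl s_client -showcerts, written as an added example that is not part of the original report or of httpd: it parses the "Certificate chain" section and reports whether the certificates sent link up to a trusted root. The DNs, the sample output and TRUSTED_ROOTS are constructed for illustration, and the comparison is by name string only, with no signature verification.

```python
import re

# One chain entry in `openssl s_client -showcerts` output: " N s:<subject>" then "   i:<issuer>".
ENTRY = re.compile(r"^\s*(\d+) s:(.*)\n\s+i:(.*)$", re.MULTILINE)

def parse_chain(showcerts_output):
    """Return [(depth, subject, issuer), ...] for the certificates the server sent."""
    section = showcerts_output.split("Certificate chain", 1)[-1]
    section = section.split("Server certificate", 1)[0]
    return [(int(d), s.strip(), i.strip()) for d, s, i in ENTRY.findall(section)]

def check_chain(chain, trusted_roots):
    """Name-based check only: compares DN strings, verifies no signatures."""
    if not chain:
        return "no certificates sent"
    # Each certificate must be issued by the next one the server sent.
    for (_, _, issuer), (depth, subject, _) in zip(chain, chain[1:]):
        if issuer != subject:
            return f"cert {depth} is not the issuer of cert {depth - 1}"
    # The last certificate sent must be a trusted root or be issued by one.
    _, last_subject, last_issuer = chain[-1]
    if last_subject in trusted_roots or last_issuer in trusted_roots:
        return "complete"
    return f"incomplete: issuer {last_issuer!r} was not sent and is not a trusted root"

def constructed_output(entries):
    """Build s_client-style text for the demo; PEM bodies are placeholders."""
    body = "".join(
        f" {n} s:{subj}\n   i:{iss}\n-----BEGIN CERTIFICATE-----\n"
        "(placeholder)\n-----END CERTIFICATE-----\n"
        for n, (subj, iss) in enumerate(entries))
    return f"CONNECTED(00000003)\n---\nCertificate chain\n{body}---\nServer certificate\n"

# Constructed names, not taken from the report.
LEAF = "/C=US/O=Example Org/CN=www.example.com"
INTERMEDIATE = "/C=US/O=Example CA/CN=Example Intermediate CA"
ROOT = "/C=US/O=Example CA/CN=Example Root CA"
TRUSTED_ROOTS = {ROOT}  # assumption: stands in for the client's trust store

LEAF_ONLY = constructed_output([(LEAF, INTERMEDIATE)])
WITH_INTERMEDIATE = constructed_output([(LEAF, INTERMEDIATE), (INTERMEDIATE, ROOT)])

if __name__ == "__main__":
    for name, text in (("leaf only", LEAF_ONLY), ("with intermediate", WITH_INTERMEDIATE)):
        print(name, "->", check_chain(parse_chain(text), TRUSTED_ROOTS))
```

The leaf-only sample corresponds to the symptom in the report: the server certificate arrives, but its issuer is neither sent nor a root the client already trusts.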