httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fjan...@superiorshelving.com
Subject Re: [users@httpd] RE: Certificate not recognized by browsers
Date Tue, 09 Mar 2004 16:57:53 GMT
Salve Gianluca,

> it seems that you just didn't show your intermediate CA certificate to 
> the server.

   That's what I thought, too, but according to ipsCA's testing web page 
<< http://certs.ipsca.com/checkserver/ >>, everything appears to be 
O.K.

> Here your three certs, root (IPS SERVIDORES), CA (ipsCA A1), server 
> (server).
> Root and server is OK, but your server should propose also the 
> intermediate CA to the client so it can resolve the entire cert path.

   According to ipsCA << 
http://certs.ipsca.com/Support/CSRApache-MOD-SSL.asp >>, Apache users 
only need two certs [one of them is a bundled cert].  I've installed 
both, along with my key, and I _think_ I've done it correctly, but you 
never know.  I'm still new to this.

> Check the CA cert statement in config file.

   Here that section from my ssl.conf file:

<VirtualHost secure.nexelshelving.com:443>
#  General setup for the virtual host
     DocumentRoot "/etc/apache/htdocs/nexelshelving"
    #ServerName has to match the server you entered into the CSR
     ServerName secure.nexelshelving.com:443
     ServerAdmin you@your.address
     ErrorLog /etc/apache/logs/ssl/nexelshelving/ssl_engine_log
     TransferLog /etc/apache/logs/access_log
   SSLEngine on
   SSLProtocol all -SSLv3
   SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateKeyFile   /etc/apache/ssl/certs/server.key
SSLCertificateFile      /etc/apache/ssl/private/server.crt
SSLCertificateChainFile /etc/apache/ssl/private/IPS-IPSCABUNDLE.crt
</VirtualHost>

Thanks,
Robert


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message