httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rhoden, Barret J. Mr. CN (NGIT) HQ USAREUR/7A CIO G6" <barret.rho...@us.army.mil>
Subject [users@httpd] SSLVerifyDepth and Intermediate CAs
Date Mon, 25 Sep 2006 11:27:31 GMT
hi - 

when using certificate authentication for clients, does the certificate in
the approved SSLCACertificatePath (or List) have to be a self-signed
certificate?

i would like to be able to explicitly trust specific, intermediate CAs,
instead of the root CA and every intermediate CA that root CA signs.  i
tried setting SSLVerifyDepth to 1, and put the intermediate CA's cert in the
appropriate path, but the only way apache seems to accept a client
certificate is if the depth reaches the root cert, and the root cert is in
the path.

if this is working as intended, can someone (me?) add a note to the
documentation saying that (unless it was supposed to be intuitively obvious
to the casual observer).  if not, what pitfalls might i have stumbled into?

thanks in advance,

barret


Mime
View raw message