Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 41392 invoked from network); 29 Sep 2008 06:30:24 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 29 Sep 2008 06:30:24 -0000 Received: (qmail 34146 invoked by uid 500); 29 Sep 2008 06:30:12 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 34132 invoked by uid 500); 29 Sep 2008 06:30:12 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 34121 invoked by uid 99); 29 Sep 2008 06:30:12 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 28 Sep 2008 23:30:12 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [217.79.187.9] (HELO mx01.nexxes.net) (217.79.187.9) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Sep 2008 06:29:10 +0000 Received: from [192.168.1.169] (dslb-084-063-060-006.pools.arcor-ip.net [84.63.60.6]) (Authenticated sender: dennis@birkholz.biz) by mx01.nexxes.net (Postfix) with ESMTPA id 1D08821C292 for ; Mon, 29 Sep 2008 08:29:11 +0200 (CEST) Message-ID: <48E075B6.6010202@mailinglists.birkholz.biz> Date: Mon, 29 Sep 2008 08:29:10 +0200 From: Dennis Birkholz Reply-To: users@httpd.apache.org User-Agent: Thunderbird 2.0.0.16 (X11/20080707) MIME-Version: 1.0 To: users@httpd.apache.org Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] SSL: CA-Certificate is not sent to browser with SSLCACertificatePath Hello, I have a strange problem using SSL with apache 2.2.9 on Gentoo-Linux (mod_ssl 2.2.9 and OpenSSL 0.9.8g): I have two servers running with exactly the same apache and openssl binaries. On one server i can use the SSLCACertificatePath directive to let apache send the CA chain to the browser (self-signed root ca + intermediate ca), the browser gets the complete chain. On the other server i use the same chain with another certificate signed by the intermediate ca, the browser gets only the certificate but no ca certificates. If i use SSLCertificateChainFile the browser gets the complete chain. The apache/mod_ssl debug log on both servers I see a lot of "[Mon Sep 29 07:45:40 2008] [debug] ssl_engine_init.c(1092): CA certificate: /C=DE/..." lines so the ca certificates are read correctly from the folder on both systems. On both servers I use the same SSLCipherSuite entry and the configuration except for the virtual hosts is complete equal. The working server is running mod_perl, the other server uses no mod_perl but mod_php5, that is the only difference. Has anybody an idea how to fix this? Thanks, Dennis --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org