httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Doug Maurer <d...@dmaurer.net>
Subject Re: [users@httpd] MIL CAC and mod_ssl for httpd 2.4.6
Date Fri, 05 May 2017 15:38:59 GMT

Just tried and still get the error (20).


On 5/5/2017 8:02 AM, rwebb wrote:
> ​Have you tried setting the verify depth to 2? That way you hit the 
> intermediate and root CA certs in the chain.
>
> On Fri, 05/05/2017 01.58, Doug Maurer <doug@dmaurer.net> wrote:
>
>     We have a setup where we have to use MIL CAC's to access our site. It
>     currently works with SSLVerifyClient require and SSLVerifyDepth
>     10, but
>     we want to limit what the users see to just of the certs that is
>     presented. We tried changing the VerifyDepth to 1 and removed all the
>     non-email certs in the ca-bundle.crt file. But the problem we get
>     is it
>     errors in the ssl_errors_log of AH02039: Certificate Verification:
>     Error
>     (20): unable to get local issuer. Googling this error says it's
>     missing a
>     intermediate cert. Tried to create by googling for instructions,
>     but still
>     get the same thing.
>
>     The 2.4.6-45 is from CentOS 7
>
>     Has anyone been able to get this to work?
>
>
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     <mailto:users-unsubscribe@httpd.apache.org>
>     For additional commands, e-mail: users-help@httpd.apache.org
>     <mailto:users-help@httpd.apache.org>
>


Mime
View raw message