httpd-users mailing list archives

From Luis Neves <luisne...@hotmail.com>
Subject [users@httpd] strange behaviour: SSLCACertificatePath and SSLCACertificateFile not giving the same result?
Date Thu, 05 Aug 2010 08:50:59 GMT

Hi there
I have seven certificates in the /etc/pki/tls/certs/ca-bundle.crt.soosnecessarios file.

I also have the same seven certificates in the /usr/local/apache2/conf/certs folder, with hashes
and the symbolic links:

lrwxrwxrwx 1 root root   15 Aug  4 11:01 37eda7b0.r0 -> ECAutCC0004.pem
lrwxrwxrwx 1 root root   15 Aug  4 11:01 3abdb128.r0 -> ECAutCC0003.pem
lrwxrwxrwx 1 root root   17 Aug  4 11:59 4d654d1d.r0 -> GTEGlobalroot.pem
lrwxrwxrwx 1 root root   15 Aug  4 11:01 4ff0f19f.r0 -> ECAutCC0002.pem
lrwxrwxrwx 1 root root    9 Aug  4 11:00 50434d39.r0 -> CC001.pem
lrwxrwxrwx 1 root root   16 Aug  4 11:03 747d995c.r0 -> ECRaizEstado.pem
lrwxrwxrwx 1 root root   15 Aug  4 11:01 a5a6af2d.r0 -> ECAutCC0001.pem
-rw-r-xr-x 1 root root 2179 Aug  4 10:56 CC001.pem
-rw-r-xr-x 1 root root 2496 Aug  4 10:56 ECAutCC0001.pem
-rw-r-xr-x 1 root root 2496 Aug  4 10:56 ECAutCC0002.pem
-rw-r-xr-x 1 root root 2496 Aug  4 10:56 ECAutCC0003.pem
-rw-r-xr-x 1 root root 2500 Aug  4 10:56 ECAutCC0004.pem
-rw-r-xr-x 1 root root 1976 Aug  4 10:56 ECRaizEstado.pem
-rw-r-xr-x 1 root root  875 Aug  4 11:58 GTEGlobalroot.pem



When I use SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt.soosnecessarios in http.conf
and, just for testing, SSLVerifyDepth 1,
I get this error in error_log when validating a client access:

[Thu Aug 05 09:38:11.350521 2010] [error] [pid 9328] [client 10.15.1.74:51725] Certificate Verification: Certificate Chain too long (chain has 4 certificates, but maximum allowed are only 1)

OK, nice, so far no problems here.

BUT if I use

SSLCACertificatePath /usr/local/apache2/conf/certs

I get

[Thu Aug 05 09:36:20.041698 2010] [error] [pid 9250] [client 10.15.1.74:51655] Certificate Verification: Certificate Chain too long (chain has 3 certificates, but maximum allowed are only 1)

Only 3 certificates in the chain?? Where is the fourth one?

Can somebody explain what I am doing wrong, please?
Thanks,
Luis
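
A check for the directory listing in the message above, as an added example that is not part of the original post or of the httpd project: OpenSSL's hashed-directory lookup, which SSLCACertificatePath relies on, reads CA certificates from <hash>.N and CRLs from <hash>.rN, and the links in the listing all end in .r0. The script flags hash links whose suffix does not match the PEM type of their target; the sample directory, its placeholder PEM bodies, and the aaaaaaaa and bbbbbbbb hashes are constructed.

```shell
#!/bin/sh
# Added example. OpenSSL's hashed-directory lookup reads CA certificates from
# <hash>.N and CRLs from <hash>.rN, so the link suffix must match the content.

# Print one line per hash-style link whose suffix disagrees with its target.
check_hash_links() {
    h='[0-9a-f]'; h8=$h$h$h$h$h$h$h$h          # eight hex digits
    for link in "$1"/*; do
        name=${link##*/}
        case $name in
            $h8.r[0-9]*) want=crl ;;            # CRL slot:         <hash>.rN
            $h8.[0-9]*)  want=cert ;;           # certificate slot: <hash>.N
            *) continue ;;                      # not a hash link
        esac
        if [ ! -e "$link" ]; then
            have=missing                        # dangling symlink
        elif grep -q 'BEGIN X509 CRL' "$link"; then
            have=crl
        elif grep -q -e 'BEGIN CERTIFICATE' -e 'BEGIN TRUSTED CERTIFICATE' "$link"; then
            have=cert
        else
            have=unknown
        fi
        [ "$have" = "$want" ] || echo "MISMATCH $name: named as $want, contains $have"
    done
    return 0
}

# Constructed sample directory: placeholder PEM bodies, not real certificates.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' \
        '-----END CERTIFICATE-----' > "$d/CC001.pem"
    cp "$d/CC001.pem" "$d/example-ca.pem"
    printf '%s\n' '-----BEGIN X509 CRL-----' 'placeholder' \
        '-----END X509 CRL-----' > "$d/example-crl.pem"
    ln -s CC001.pem       "$d/50434d39.r0"   # link name as in the listing above
    ln -s example-ca.pem  "$d/aaaaaaaa.0"    # constructed hash, certificate slot
    ln -s example-crl.pem "$d/bbbbbbbb.r0"   # constructed hash, CRL slot
    echo "$d"
}

sample=$(make_sample_dir)
check_hash_links "$sample"
rm -rf "$sample"
```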