httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rwebb <rw...@ropeguru.com>
Subject Re: [users@httpd] MIL CAC and mod_ssl for httpd 2.4.6
Date Fri, 05 May 2017 12:02:15 GMT
​Have you tried setting the verify depth to 2? That way you hit the intermediate and root
CA certs in the chain.

On Fri, 05/05/2017 01.58, Doug Maurer <doug@dmaurer.net> wrote:
> 
We have a setup where we have to use MIL CAC's to access our site. It
> currently works with SSLVerifyClient require and SSLVerifyDepth  10, but
> we want to limit what the users see to just of the certs that is
> presented. We tried changing the VerifyDepth to 1 and removed all the
> non-email certs in the ca-bundle.crt file. But the problem we get is it
> errors in the ssl_errors_log of AH02039: Certificate Verification: Error
> (20): unable to get local issuer. Googling this error says it's missing a
> intermediate cert. Tried to create by googling for instructions, but still
> get the same thing.
> 
> The 2.4.6-45 is from CentOS 7
> 
> Has anyone been able to get this to work?
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

Mime
View raw message