[users@httpd] SSL: CA-Certificate is not sent to browser with SSLCACertificatePath

[Dennis Birkholz <ap...@mailinglists.birkholz.biz>]

Hello,

I have a strange problem using SSL with apache 2.2.9 on Gentoo-Linux
(mod_ssl 2.2.9 and OpenSSL 0.9.8g):

I have two servers running with exactly the same apache and openssl
binaries. On one server i can use the SSLCACertificatePath directive to
let apache send the CA chain to the browser (self-signed root ca +
intermediate ca), the browser gets the complete chain.
On the other server i use the same chain with another certificate signed
by the intermediate ca, the browser gets only the certificate but no ca
certificates. If i use SSLCertificateChainFile the browser gets the
complete chain.

The apache/mod_ssl debug log on both servers I see a lot of "[Mon Sep 29
07:45:40 2008] [debug] ssl_engine_init.c(1092): CA certificate:
/C=DE/..." lines so the ca certificates are read correctly from the
folder on both systems.

On both servers I use the same SSLCipherSuite entry and the
configuration except for the virtual hosts is complete equal.

The working server is running mod_perl, the other server uses no
mod_perl but mod_php5, that is the only difference.

Has anybody an idea how to fix this?

Thanks,
Dennis

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org