Client certs of multiple CA"s ?

Hello,

i am playing around with client certs. It works just fine, except the
issue that i would like to allow client certs signed by multiple
different CA's. I've got the certs of those trusted CA's in the
folder targeted by SSLCACertificatePath folder and completed with
hash.N symlinks as requested. So far, the access is successful only
if i address ONLY ONE CA cert with SSLCACertificateFile (and browser
offers me only that client cert of the same CA). It works for any of
the CA's in CertificatePath, but only one at a time. If i use the
CertificatePath instead of File, something inside apparently works,
as the browser offers me a selection of ALL applicable client certs,
which is basically the desired behavior. But i get that nasty error
in SSL log file "no client certificate returned" afterwards, the same
as if the CA of client cert is not trusted.

Is that a browser issue (some IE 5.5 i think) ? Am i using
CertificatePath right? Yes i know i can concat all CA certs in one
file and use the CertificateFile directive, but what is the hash
symlinks indexing for then?

Thanks,

Marvin.

____________________________________________________________ __________
Reklama:
Prekvapive dobry signal! Presvedcte se v Oskar Testu ...
http://www.oskarmobil.cz/oskartest
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org