chain certificates
on 12.11.2003 15:09:26 by Lentila de Vultur
I have problems with a Verisign Global-ID certificate installed on a very
old system. The Intermediate CA was installed according to the documentation on
Verisign's website.
The server's certificate is recognized only by Internet Explorer (tested
versions 5.5 and 6).
Other browsers do not recognize the certificate - they complain that the
site's certificate is incomplete (tested Mozilla, Mozilla Firebird, Opera).
Errors in the ssl_engine_log:
[error] SSL handshake failed (server xxx:443, client a.b.c.d) (OpenSSL library error follows)
[error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
I think the problem is related to the intermediate certificate but I can't
identify it.
Entries in ssl_engine_log while starting Apache:
[info] Server: Apache/1.3.9, Interface: mod_ssl/2.4.10, Library: OpenSSL/0.9.4
[info] Init: 1st startup round (still not detached)
[info] Init: Initializing OpenSSL library
[info] Init: Loading certificate & private key of SSL-aware server xxx:443
[trace] Init: (xxx:443) unencrypted RSA private key - pass phrase not required
[info] Init: Generating temporary RSA private keys (512/1024 bits)
[info] Init: Configuring temporary DH parameters (512/1024 bits)
[info] Init: 2nd startup round (already detached)
[info] Init: Reinitializing OpenSSL library
[trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[info] Init: Seeding PRNG with 8 bytes of entropy
[info] Init: Configuring temporary RSA private keys (512/1024 bits)
[info] Init: Configuring temporary DH parameters (512/1024 bits)
[info] Init: Initializing (virtual) servers for SSL
[info] Init: Configuring server xxx:443 for SSL protocol
[trace] Init: (xxx:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[trace] Init: (xxx:443) Configuring RSA server certificate
[info] Init: (xxx:443) RSA server certificate enables Server Gated Cryptography (SGC)
[trace] Init: (xxx:443) Configuring RSA server private key
[trace] Init: (xxx:443) Configuring server certificate chain (0 CA certificates)
                                                             ^^^^^^^^^^^^^^^^^^^^
What does "0 CA certificate" mean?
In httpd.conf I have:
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
SSLCertificateChainFile /path/to/intermediate.crt
Can someone help me?
TIA.
--
Work made man ... lazy.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
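
Added example (not part of the original post and not mod_ssl's own code): a shell check that reads the chain-certificate count from the mod_ssl startup trace quoted in the post and compares it with the number of PEM certificate blocks in the file named by SSLCertificateChainFile. It assumes the number in that trace line is the count of CA certificates mod_ssl loaded from the chain file; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from mod_ssl.

# Print "<server> <n>" for every chain trace line in a mod_ssl engine log.
chain_counts_from_log() {
    sed -n 's/.*Init: (\([^)]*\)) Configuring server certificate chain (\([0-9][0-9]*\) CA certificate.*/\1 \2/p' "$1"
}

# Count PEM certificate blocks in a file; prints 0 for a missing, empty,
# or non-PEM (for example DER-encoded) file.
pem_cert_count() {
    [ -r "$1" ] || { echo 0; return; }
    grep -c -e '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Compare what the server reported loading (assumed meaning of the trace
# number) with what the chain file holds. Returns 1 on any mismatch.
check_chain() {
    log=$1; chain=$2; rc=0
    in_file=$(pem_cert_count "$chain")
    while read -r server loaded; do
        [ -n "$server" ] || continue
        if [ "$loaded" -eq 0 ]; then
            echo "$server: no chain certificates loaded; $chain has $in_file PEM block(s)"
            rc=1
        elif [ "$loaded" -ne "$in_file" ]; then
            echo "$server: loaded $loaded, but $chain has $in_file PEM block(s)"
            rc=1
        else
            echo "$server: chain count matches ($loaded)"
        fi
    done <<EOF
$(chain_counts_from_log "$log")
EOF
    return $rc
}

# Constructed demo: the trace line from the post and an empty chain file.
tmp=$(mktemp -d)
printf '%s\n' \
    '[trace] Init: (xxx:443) Configuring RSA server private key' \
    '[trace] Init: (xxx:443) Configuring server certificate chain (0 CA certificates)' \
    > "$tmp/ssl_engine_log"
: > "$tmp/intermediate.crt"
check_chain "$tmp/ssl_engine_log" "$tmp/intermediate.crt" || true
rm -rf "$tmp"
```

A loaded count of 0 alongside a non-zero PEM block count points at the server not reading the file it was configured with; 0 in both places points at the file's encoding or contents.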