S
Scott
Hi,
I've inherited a project where X509 Client Certificates were generated by MS
Certificate Server. I now need to add an Apache server to the mix, and use
those certificates to authenticate against that Apache server (running on
W2K Server). To do so, I need to add the MS Cert Server CA certificate to
either SSLCACertificatePath or append it to SSLCACertificateFile
(...\ca-bundle.cert).
However, from the MS Cert Server UI, it appears that I can only download the
CA Cert in either DER encoded, base-64 encoded (both with .cer extensions),
or download the CA Certification path (.p7b extension).
Is there any way I can get the CA Certificate in PEM encoding so that I
won't get this error in Apache:
[Mon Aug 11 17:04:07 2003] [error] covalent_ssl: SSL handshake failed
(server proxy.vmware.acme.com:443, client 10.255.3.1) (CovalentSSL library
error follows)
[Mon Aug 11 17:04:07 2003] [error] CovalentSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATEeer did not return a certificate
[Hint: No CAs known to server for verification.]
[Mon Aug 11 17:04:25 2003] [error] covalent_ssl: Certificate Verification:
Error (20): unable to get local issuer certificate
Regards,
Scott
I've inherited a project where X509 Client Certificates were generated by MS
Certificate Server. I now need to add an Apache server to the mix, and use
those certificates to authenticate against that Apache server (running on
W2K Server). To do so, I need to add the MS Cert Server CA certificate to
either SSLCACertificatePath or append it to SSLCACertificateFile
(...\ca-bundle.cert).
However, from the MS Cert Server UI, it appears that I can only download the
CA Cert in either DER encoded, base-64 encoded (both with .cer extensions),
or download the CA Certification path (.p7b extension).
Is there any way I can get the CA Certificate in PEM encoding so that I
won't get this error in Apache:
[Mon Aug 11 17:04:07 2003] [error] covalent_ssl: SSL handshake failed
(server proxy.vmware.acme.com:443, client 10.255.3.1) (CovalentSSL library
error follows)
[Mon Aug 11 17:04:07 2003] [error] CovalentSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATEeer did not return a certificate
[Hint: No CAs known to server for verification.]
[Mon Aug 11 17:04:25 2003] [error] covalent_ssl: Certificate Verification:
Error (20): unable to get local issuer certificate
Regards,
Scott