On Thu, 25 Oct 2007, Kai Schaetzl wrote: > Tom Diehl wrote on Thu, 25 Oct 2007 14:54:19 -0400 (EDT): > >> error 18 at 0 depth lookup:self signed certificate >> OK >> (roadrunner pts1) # >> >> Am I correct that the above error is normal for a self signed cert? > > Seems so, yes. I get the same. I think your cert is okay. Your errors are > all about *client* certificates, so the problem is with the certificate > the client presents, not with the one you configured for the server. > You seem to require a client certificate and either the client doesn't > present you one or one that can't get verified. My knowledge about client > certificates is limited, so I'm not sure about the exact reason. I do not understand this either. I have done this a bunch of times on el3 and el4 machines and it "just works". Something seems to be fubar on the el5 machine. I even tried several different client machines and browsers with the same result. FWIW, the machine is a new install, so this is the first time I tried to activate ssl. rpm -V on mod_ssl shows nothing. Could this be some kind of multiarch problem? FWIW, I have the following openssl packages installed on the machine: (roadrunner pts1) # yum list openssl\* ... Installed Packages openssl.x86_64 0.9.8b-8.3.el5_0.2 installed openssl-devel.x86_64 0.9.8b-8.3.el5_0.2 installed openssl-perl.x86_64 0.9.8b-8.3.el5_0.2 installed openssl097a.x86_64 0.9.7a-9 installed Available Packages openssl.i686 0.9.8b-8.3.el5_0.2 updates openssl-devel.i386 0.9.8b-8.3.el5_0.2 updates (roadrunner pts1) # I am really at a loss on this one. Regards, -- Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com