Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon5.gif   chain.crt, posted by Gerhard Schneider on Thu Sep 3 21:55:52 2009 
    icon2.gif   Re: chain.crt, posted by Stefan Ritt on Fri Sep 4 08:33:16 2009 
    icon2.gif   Re: chain.crt, posted by Gerhard Schneider on Wed Oct 7 07:56:52 2009 
Message ID: 66525     Entry time: Thu Sep 3 21:55:52 2009     Reply to this: 66526   66556
Icon: Question  Author: Gerhard Schneider  Author Email: gs@ilsb.tuwien.ac.at 
Category: Question  OS: Linux  ELOG Version: 2.7.7-2246 
Subject: chain.crt  
Like many educational institutions we get "educational certificates" that are chain certificates..

With apache the full certificate chain is working as expected..

For elog I copied the appropriate files to server.crt and server.key

Netscape 3 is happy with that setup, Internet Explorer and Opera are mentioning the open certificate chain.

When I tried to copy the file known as SSLCACertificateFile in Apache to chain.crt elogd does not longer work and 

openssl s_client -showcerts -connect <myserver>:<elogd_port>

only shows: 

CONNECTED(00000003)
25523:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:

What do I do wrong?

Gerhard Schneider
ELOG V3.1.5-3fb85fa6