God DAMN! Took me most of the night to figure out what was wrong with my new ISPCA certificate installation. All kinds of confusing error messages, firstly:

[Mon Nov 10 01:59:48 2008] [error] Failed to configure CA certificate chain!

It wasn't that at all; there was nothing fuck-all wrong with the certificate chain file. Instead, I had inadvertently edited out the -----END CERTIFICATE----- line in one of the hashed files in my SSLCACertificatePath. Fixed that, and Apache finally started without crashing; but then, on trying to connect using my client cert:

[Mon Nov 10 04:53:49 2008] [error] Certificate Verification: Error (20): unable to get local issuer certificate

Turns out the SSLCACertificatePath has to be world-readable; none of the other files pertaining to the SSL configuration do. So since nothing in that directory is anything secret, I just put it into /var/www/jcomeau. Finally working. Whew!

Back to blog or home page

last updated 2013-01-10 21:18:39. served from tektonic