I obtained security certificate from VeriSign for client connection to the customer web apache server. Below is the Issuer tag line from the www.customer.com.pem file.

issuer=CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

I have tried several things to get the certificate to validate.

Added the following to the httpd.conf file in my <VirtualHost> … </VirtualHost> definition
# SSL Certs
SSLEngine ON
SSLCertificateFile /etc/pki/tls/private/www.customer.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.customer.com.key
SSLCertificateChainFile /etc/pki/tls/private/www.customer.com.crt

Since the ssl.conf file has a statement in it for SSLCACertificateFile

SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

I concatenated the www.customer.com.pem >> /etc/pki/tls/certs/ca-bundle.crt and verified that apache was ok with the configuration by running

# /usr/sbin/apachectl –t
Syntax OK

I then restarted httpd

/etc/init.d/httpd restart

And still the certificate returns when accessing https://www.customer.com the error of ‘not issued by trusted certificate authority”.

The pertinent packages I have installed is

Installed Packages
httpd.x86_64 2.2.15-15.el6.centos.1 @updates
httpd-tools.x86_64 2.2.15-15.el6.centos.1 @updates
mod_ssl.x86_64 1:2.2.15-15.el6.centos.1 @updates
openssl.x86_64 1.0.0-20.el6_2.2 @updates
openssl-devel.x86_64 1.0.0-20.el6_2.2 @updates

At this point I’m not sure what else I can do. Can you please tell me if I’m missing a package that will assist in SSLCACertificateFile or SSLCertificateChainFile verification? Is there a patch that needs to be installed? Am I missing something in one of my conf files?

Any assistance is greatly appreciated.

Thank you,

--tinawalt

Is it using the correct certificate? Try running



and check the details of the certificate that is being used.