1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 2:01 pm May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

SSL Client Authentication

ssl client certificate authentication apache

         

pesho318i

9:35 pm on Apr 14, 2014 (gmt 0)

10+ Year Member



Hello everyone,

I have been trying to set ssl client authentication with Apache and I am not sure what I am doing wrong...

I basically have a server certificate issued by GeoTrust/RapidSSL. For the normal ssl authentication I use the following configuration (and it works fine): 

SSLEngine on 
SSLCertificateFile /etc/ssl/certs/my-domain.crt 
SSLCertificateChainFile /etc/ssl/certs/intermediate.crt 
SSLCertificateKeyFile /etc/ssl/private/private.pem


For the client authentication I created client certificate using the my-domain.crt and private.pem to sign it. Here is the openssl command: 

openssl ca -config openssl.cnf -days 360 -in client.csr -out client.crt -keyfile private.pem -cert my-domain.crt -policy policy_anything


I created a certificate chain file by pasting my-domain.crt and then intermediate.crt into one whole my-domain-full.pem file.
And to the Apache configuration I added: 

SSLVerifyClient optional 
SSLVerifyDepth 10 
SSLCACertificateFile /etc/ssl/certs/my-domain-full.pem


I converted the client.crt into pkcs12 format and loaded it into the browser. Then I tried accessing my-domain and got the following error:
Peer does not recognize and trust the CA that issued your certificate. (Error code: ssl_error_unknown_ca_alert)

I hope you can see what I'm doing wrong... Thanks in advance for any hints!
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 2:01 pm May 1, 2026