I have been trying to set ssl client authentication with Apache and I am not sure what I am doing wrong...
I basically have a server certificate issued by GeoTrust/RapidSSL. For the normal ssl authentication I use the following configuration (and it works fine):
For the client authentication I created client certificate using the my-domain.crt and private.pem to sign it. Here is the openssl command:
openssl ca -config openssl.cnf -days 360 -in client.csr -out client.crt -keyfile private.pem -cert my-domain.crt -policy policy_anything
I created a certificate chain file by pasting my-domain.crt and then intermediate.crt into one whole my-domain-full.pem file.
And to the Apache configuration I added:
I converted the client.crt into pkcs12 format and loaded it into the browser. Then I tried accessing my-domain and got the following error:
Peer does not recognize and trust the CA that issued your certificate. (Error code: ssl_error_unknown_ca_alert)
I hope you can see what I'm doing wrong... Thanks in advance for any hints!