hi, # If check_cert_issuer is set, the value will # be checked against the DN of the issuer in # the client certificate. If the values do not # match, the cerficate verification will fail, # rejecting the user. okay.. check_cert_issuer = "/DC=com/DC=edupki/CN=eduPKJ" <snip> (0) <<< TLS 1.0 Handshake [length 08b8], Certificate (0) chain-depth=1, (0) error=0 (0) --> BUF-Name = eduPKI CA G 01 (0) --> subject = /DC=org/DC=edupki/CN=eduPKI CA G 01 (0) --> issuer = /DC=org/DC=edupki/CN=eduPKI CA G 01 (0) --> verify return:1 <snip> (0) (other): SSL negotiation finished successfully SSL Connection Established ooops. something isnt quite right in the validation arena.. alan