It also says: # If CA_file (below) is not used, then the # certificate_file below MUST include not # only the server certificate, but ALSO all # of the CA certificates used to sign the # server certificate.
Please read ALL of the comments in a module you are configuring. Selectively reading them means that you miss vital information.
Alan DeKok.
Except that my server cert does contain a CA cert. I'm not 100% sure it's sufficient, because it was issued from an intermediate CA (it needs to be the signer(s) not the issuer, right?), so I went to another CA got a webserver cert in pem format directly from the root. Downloaded the root CA cert in pem format and appended them.... same error: Error reading Trusted root CA list (null) Do we know this mode is working (No CA_File, but certificate file with server cert + ca cert)? In any case, I'd be willing to experiment more. -- usawebbox@fastmail.fm -- http://www.fastmail.fm - And now for something completely different