Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global ID) also with mod_ssl?
[L] Yes, mod_ssl since version 2.1 supports the SGC facility. You don’t have to configure anything special for this, just use a Global ID as your server certificate. The step up of the clients are then automatically handled by mod_ssl under run-time. For details please read the README.GlobalID document in the mod_ssl distribution. • After I have installed my new Verisign Global ID server certificate, the browsers complain that they cannot verify the server certificate? [L] That is because Verisign uses an intermediate CA certificate between the root CA certificate (which is installed in the browsers) and the server certificate (which you installed in the server). You should have received this additional CA certificate from Verisign. If not, complain to them. Then configure this certificate with the SSLCertificateChainFile directive in the server. This makes sure the intermediate CA certificate is send to the browser and this way fills the gap in the certificate chain.
