SSL Client Authentication

Discussion in 'Apache' started by Pesho318i, Apr 14, 2014.

  1. #1
    Hello everyone,

    I have been trying to set up SSL client authentication with Apache and I am not sure what I am doing wrong...

    I basically have a server certificate issued by GeoTrust/RapidSSL. For normal SSL authentication I use the following configuration (and it works fine):

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/my-domain.crt
    SSLCertificateChainFile /etc/ssl/certs/intermediate.crt
    SSLCertificateKeyFile /etc/ssl/private/private.pem

    For the client authentication I created a client certificate, using my-domain.crt and private.pem to sign it. Here is the openssl command:

    openssl ca -config openssl.cnf -days 360 -in client.csr -out client.crt -keyfile private.pem -cert my-domain.crt -policy policy_anything

    I created a certificate chain file by pasting my-domain.crt and then intermediate.crt into one whole my-domain-full.pem file.
    And to the Apache configuration I added:

    SSLVerifyClient optional
    SSLVerifyDepth 10
    SSLCACertificateFile /etc/ssl/certs/my-domain-full.pem

    I converted the client.crt into pkcs12 format and loaded it into the browser. Then I tried accessing my-domain and got the following error:
    Peer does not recognize and trust the CA that issued your certificate. (Error code: ssl_error_unknown_ca_alert)

    I hope you can see what I'm doing wrong... Thanks in advance for any hints!
     
    Pesho318i, Apr 14, 2014
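As an added example (not the poster's configuration or commands), the script below reproduces the two ingredients of this setup in a scratch directory: it creates a private CA whose certificate carries basicConstraints CA:TRUE, issues a client certificate from it, and runs the same chain check mod_ssl performs against SSLCACertificateFile with `openssl verify`. It then signs a second client certificate with the first client certificate as issuer, which is a leaf (CA:FALSE) just like a server certificate bought from a public CA, and shows that verification rejects that chain with "invalid CA certificate", the condition the server reports to the browser as an unknown-CA alert. All file names, subjects and the `cert_is_ca` / `verify_client` helper names are made up for the example.

```shell
#!/bin/sh
# Added example: private client CA vs. a leaf certificate used as issuer.
# Everything is written to a temporary directory; names are constructed.
set -eu

WORK="$(mktemp -d)"
CNF="$WORK/openssl.cnf"

# Minimal OpenSSL config: one extension set for a CA, one for a TLS client.
cat > "$CNF" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_client]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF

# make_ca NAME SUBJECT: self-signed certificate with CA:TRUE, the kind of
# certificate that belongs in SSLCACertificateFile.
make_ca() {
  openssl req -x509 -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -days 365 -subj "$2" \
    -config "$CNF" -extensions v3_ca >/dev/null 2>&1
}

# issue_client NAME SUBJECT ISSUER: CSR plus certificate signed by ISSUER's key.
# "openssl x509 -req" signs with any key, CA or not; the CA:TRUE requirement is
# only enforced when the chain is verified, which is where the poster's setup fails.
issue_client() {
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" -subj "$2" -config "$CNF" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$3.crt" -CAkey "$WORK/$3.key" \
    -CAcreateserial -days 365 -out "$WORK/$1.crt" \
    -extfile "$CNF" -extensions v3_client >/dev/null 2>&1
}

# cert_is_ca NAME: prints "yes" when basicConstraints says CA:TRUE, else "no".
# This is the first thing to check on whatever certificate is meant to sign clients.
cert_is_ca() {
  if openssl x509 -in "$WORK/$1.crt" -noout -text | grep -q 'CA:TRUE'; then
    echo yes
  else
    echo no
  fi
}

# verify_client NAME TRUSTED [UNTRUSTED]: chain check equivalent to what mod_ssl
# does with SSLCACertificateFile. Returns 0 when the chain is acceptable.
verify_client() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$WORK/$2.crt" -untrusted "$WORK/$3.crt" "$WORK/$1.crt" >/dev/null 2>&1
  else
    openssl verify -CAfile "$WORK/$2.crt" "$WORK/$1.crt" >/dev/null 2>&1
  fi
}

make_ca ca "/CN=Example Client CA"
issue_client alice "/CN=alice" ca      # issued by a real CA: accepted
issue_client bob "/CN=bob" alice       # issued by a leaf certificate: rejected

printf 'ca is CA: %s, alice is CA: %s\n' "$(cert_is_ca ca)" "$(cert_is_ca alice)"
if verify_client alice ca; then echo "alice: chain OK"; fi
if ! verify_client bob ca alice; then echo "bob: rejected, issuer is not a CA"; fi
echo "artifacts left in $WORK"
```

The file to hand to SSLCACertificateFile is the CA certificate (`ca.crt` here), not the server's own certificate, and the client's PKCS#12 bundle should contain `alice.crt`, `alice.key` and `ca.crt`. With SSLVerifyClient set to `optional`, a client whose certificate fails this check is still connected but `SSL_CLIENT_VERIFY` will not be `SUCCESS`, so application code must check that variable rather than assume a presented certificate was validated.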