I'm trying create a mutually authenticated SSL connection using a proxy
certificate[1] generated by MyProxy server for the client side. The server
contains the certificate of the CA, but does not contain the certificate of
the user who issued/signed the proxy certificate. Hence the proxy
certificate also contains the public key of the user as mentioned in here
[2] . The overall format of the certificate has the following structure

PEM-encoded proxy certificate
PEM-encoded private key
PEM-encoded public certificate of the user (delegator) to help create
the certificate chain in the server side.

My question is whether OpenSSL supports the above scenario of using a public
key contained in the client proxy file as an intermediary certificate when
building the trust path to the CA. If so please let me know the
configurations I need to do...

My ultimate goal is to get this working with Apache Tomcat using mod_ssl &


1. http://www.ietf.org/rfc/rfc3820.txt
3. http://dev.globus.org/wiki/Security/ProxyFileFormat
Thilina Gunarathne - http://thilinag.blogspot.com