curl 可以成功发送 https 请求，apache2 却不行

Ubuntu 服务器 14.04。

我必须通过 https 连接到网络外部的应用程序。我正在使用 apache2 在 https 层上建立通信。

另一方面，它要求进行客户端证书身份验证。我在 Ubuntu 中安装了所有证书链。CA、中间证书以及它们的公共证书。

一个实际的例子：

curl -lv https://this-application/receiving-link

* Hostname was NOT found in DNS cache
*   Trying 111.222.333.444...
* Connected to application-something (111.222.333.444) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

我期望的正是这个结果。

我在这里加载了所有证书链 + 公共（pem 格式和散列、软链接）：/etc/apache2/mytrustedclientcerts

curl -lvvvvv --capath "/etc/apache2/mytrustedclientcerts/" https://this-application/receiving-link

* Hostname was NOT found in DNS cache
*   Trying 111.222.333.444...
* Connected to application-something (111.222.333.444) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/apache2/mytrustedclientcerts/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*        information about the certificate here
*        ...
*        ...
*        ...
*        ...
*        SSL certificate verify ok.
> GET /b2b/httpReceiver HTTP/1.1
> User-Agent: curl/7.35.0
> Host: application-something.com
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Mon, 04 Jun 2018 13:16:20 GMT
* Server Server is not blacklisted
< Server: Server
< Content-Length: 155
< test: some_thing
< test: 0:1
< Content-Type: text/html; charset=ISO-8859-1
< 
<html><head><title>Server</title></head>
<body><h1>Hello</h1>
Ready.
</body></html>
* Connection #0 to host application-something.com left intact

完美。这就是我如何判断自己是否能够连接，而我确实做到了。

现在轮到 Apache2 了。

我添加到我的已启用站点 配置配置文件：

SSLCACertificatePath  "/etc/apache2/mytrustedclientcerts/"
SSLVerifyDepth 10
SSLVerifyClient optional #this must be optional because of many reasons

就像我在测试服务器中所做的那样，更改后连接立即生效。在此生产服务器（两者都是 Ubuntu 14.04）中，连接不起作用。

我在我的申请日志中看到：

06/04/18 11:42:31 SenderModule: Connecting to: https://this-application/receiving-link [message-for-sending-hash]
06/04/18 11:42:32 SenderModule: Failed to connect to partner using SSL certificate. Please run the SSL certificate checker utility to identify the issue: https://this-application/receiving-link [message-for-sending-hash]

我尝试过了核实证书也是如此：

openssl verify -verbose -x509_strict -CApath /etc/apache2/mytrustedclientcerts/ /etc/apache2/mytrustedclientcerts/4.https_public.pem

其中写道：

/etc/apache2/mytrustedclientcerts/4.https_public.pem: OK

我重新启动了 Apache2 来应用更改 - 我不想在 CURL 上使用“-k”选项，因为这不是重点。

我问是否有人知道为什么 Apache2 无法获取这些证书并使用它们。可能是我遗漏了文档中的某些内容：https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcacertificatepath但老实说，我不这么认为。如能提供任何帮助我将不胜感激！