Re: enable HTTPD to support multi-layer certificates (ca chain)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On March 8, 2012 2:09 , "Durairaj, Srinivasan (NSN - IN/Hyderabad)" <srinivasan.durairaj@xxxxxxx> wrote: 
I want to enable HTTPD to support multi-layer certificates (ca chain).
I had 2 options
Option 1:
We can configure SSLCertificateFile (EE file) and SSLCertificateChainFile (CA Chain)

Option 2:
We can configure SSLCertificateFile (EE+CA Chain)

When we tested we found that Option 1 worked and Option 2 did not.
Any idea if I have missed anything in Option 2 or how to make Option 2 work
HTTP version Is 2.2.3
Why do you think Option 2 should work? What is bad about Option 1? What problem are you trying to solve?
The documentation is pretty clear. https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatefile says that the file specified by SSLCetificateFile contains the certificate for the server and, optionally, the private key. It does not mention anything about CA certificates. On the other hand, https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile says that SSLCertificateChainFile specifies the "all-in-one" file containing certificates from the server certificate up through and including the root CA certificate. 

--
  Mark Montague
  mark@xxxxxxxxxxx


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux