Re: enable HTTPD to support multi-layer certificates (ca chain)

On Thu, 2012-03-08 at 07:58 -0500, Mark Montague wrote:
> On March 8, 2012 2:09, "Durairaj, Srinivasan (NSN - IN/Hyderabad)" <srinivasan.durairaj@xxxxxxx> wrote:
> > I want to enable HTTPD to support multi-layer certificates (ca chain).
> > I had 2 options
> > Option 1:
> > We can configure SSLCertificateFile (EE file) and SSLCertificateChainFile (CA Chain)
> >
> > Option 2:
> > We can configure SSLCertificateFile (EE+CA Chain)
> >
> > When we tested we found that Option 1 worked and Option 2 did not.
> > Any idea if I have missed anything in Option 2 or how to make Option 2 work?
> > HTTP version is 2.2.3
>
> Why do you think Option 2 should work?  What is bad about Option 1?
> What problem are you trying to solve?


I agree. So many people using option 2 in other software (postfix/dovecot, etc.) get the order WRONG, and the chain fails, half the time without them even knowing. I've seen plenty ask that a chain option be introduced in other software, because it avoids the guessing game by newbies. I have not actually tried it in httpd, but maybe it does work, and the OP, like many before him, got the order wrong.

Attachment: signature.asc
Description: This is a digitally signed message part
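
The ordering problem raised in the reply above, as an added example that is not part of the original thread: a standard-library Python check that a combined PEM file (the Option 2 layout) has the end-entity certificate first and that each certificate's issuer is the subject of the one after it. It compares names only and verifies no signatures; `check_order` and `fake_cert` are hypothetical helpers, and the sample certificates are constructed stubs with no keys.

```python
import base64, re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der(tag, body):
    """Encode one DER TLV (short or long definite length)."""
    if len(body) < 128:
        return bytes([tag, len(body)]) + body
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def tlv(buf, pos):
    """Read the TLV at pos and return (tag, value_start, value_end)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return tag, pos, pos + n

def names(cert):
    """Return (subject, issuer) Name bytes from a DER X.509 certificate."""
    pos = tlv(cert, tlv(cert, 0)[1])[1]  # step into Certificate, then tbsCertificate
    vals = []
    while len(vals) < 5:  # serial, sigAlg, issuer, validity, subject
        tag, start, end = tlv(cert, pos)
        if tag != 0xA0:  # skip the optional [0] version field
            vals.append(cert[start:end])
        pos = end
    return vals[4], vals[2]

def check_order(pem_text):
    """Return a list of ordering problems; an empty list means leaf-first and linked."""
    certs = [names(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    if not certs:
        return ["no certificates found"]
    return [f"cert {i}: issuer is not the subject of cert {i + 1}"
            for i in range(len(certs) - 1) if certs[i][1] != certs[i + 1][0]]

def fake_cert(subject, issuer):
    """Constructed sample input: names only, no real key or signature."""
    def name(cn):
        return der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))))
    tbs = (der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"")
           + name(issuer) + der(0x30, b"") + name(subject))
    b64 = base64.encodebytes(der(0x30, der(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    leaf, inter = fake_cert("www.example.test", "Example CA"), fake_cert("Example CA", "Example Root")
    print(check_order(leaf + inter), check_order(inter + leaf))
```

On httpd, SSLCertificateFile loads appended intermediate certificates only from version 2.4.8 onward; earlier releases need SSLCertificateChainFile.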

