> Von: Robin Becker [mailto:robin@xxxxxxxxxxxxx] > > On 07/10/2013 20:26, Yehuda Katz wrote: > > OpenSSL supports each of the options you need (one at a time). > > http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/ > > Just add the server to the hosts file. > > > > - Y > ...... > thanks for the above, certainly bits of my setup are OK, but now the dns has > gone live and various checkers are saying that the chain is broken. > > I used the instructions for GlobalSign Extended, but I'm not sure how to > make > use of three certs from them; ie I don't know what to do with the cross > certificate. See > > https://support.globalsign.com/customer/portal/articles/1223443- > intermediate-certificate---extendedssl > > where it says > > "As an ExtendedSSL customer you must install your end entity ExtendedSSL > Certificate (received by email) and both the ExtendedSSL CA - G2 > Intermediate > Certificate and the GlobalSign Cross Certificate to your web server." > > > > > So I have my cert the GS root cert and the intermediate cert pointed at by > the > apache conf like this > > > SSLCertificateFile /xxxx/etc/certs/myhost.com.crt > > SSLCertificateKeyFile /xxxx/etc/certs/myhost.key > > SSLCACertificateFile /xxxx/etc/certs/globalsign-root-ca-rc2.crt > > SSLCertificateChainFile /xxxx/etc/certs/globalsign-intermediate- > extended.crt Unless you want to use client certificates from globalsign, "SSLCACertificateFile" will not make sense. See [1] Roman [1] http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|