> Von: Robin Becker [mailto:robin@xxxxxxxxxxxxx] > > On 09/10/2013 13:15, Fiedler Roman wrote: > .......... > > > > Unless you want to use client certificates from globalsign, > "SSLCACertificateFile" will not make sense. See [1] > > > > Roman > > > > [1] > http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile > .......... > > This page https://support.globalsign.com/customer/portal/articles/1225234 > says > explicitly that I need the SSLCACertificateFile directive Strange, perhaps I misread the configuration or this is just required so that NSA can login if you happen to want to use client-certificates also. > > Your virtual host section will need to contain the following directives: > > > > SSLCACertificateFile - This will need to point to the appropriate > GlobalSign root CA certificate. > > SSLCertificateChainFile - This will need to point to the appropriate > intermediate root CA certificates you previously created in Step 1 above. > > SSLCertificateFile - This will need to point to the end entity certificate. > This is the certificate you have called "mydomain.crt." > > SSLCertificateKeyFile - This will need to point to the private key file > associated with your certificate. > > what I don't understand is where the cross certificate goes. I've just put all chain certificates into " SSLCertificateChainFile", nothing else was required on apache2.2. But we had problems with some clients, that still did not want to accept the chain, mostly on mobile devices. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|