Re: How to set an empty certificate Chain?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Why have it be blank, cant you just make the chain be it's self if there is no issuer?

SSLCertificateChainFile /etc/ssl/private/vhost.chain


On Sat, Jan 25, 2014 at 1:51 PM, Hanno Böck <hanno@xxxxxxxxx> wrote:
Hi,

I have some kind of tricky SSL configuration issue. I have a server
that has a certificate with an intermediate certificate as the default.
However, I have one virtual host which only has a certificate with no
intermediate.

So something like this:
SSLCertificateFile /etc/ssl/private/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
SSLCertificateChainFile /etc/ssl/private/apache.chain
<VirtualHost *:443>
[...]
SSLCertificateFile /etc/apache2/certs/private/somecert.crt
SSLCertificateKeyFile /etc/apache2/certs/private/somecert.key
</VirtualHost>

What happens now is that the vhost with the single certificate ships
the default intermediate.

If I set SSLCertificateChainFile to an empty file in the config, apache
tells me:
AH00526: Syntax error on line [...] of [...]:
SSLCertificateChainFile: file '/etc/apache2/chains/empty.pem' does not
exist or is empty

Well, yeah. It is empty. Because I want it empty. However, it seems
apache thinks that's a syntax error.

Is there any way to configure this? If not I think this is a bug. It is
completely valid to have a vhost with no certificate chain.


cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@xxxxxxxxx
GPG: BBB51E42

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux