Re: Cannot get certificate chain to work.

changelog in 2.4.8

" *) mod_ssl: Remove the hardcoded algorithm-type dependency for the
     SSLCertificateFile and SSLCertificateKeyFile directives, to enable
     future algorithm agility, and deprecate the SSLCertificateChainFile
     directive (obsoleted by SSLCertificateFile). [Kaspar Brand]"

2014-10-07 19:49 GMT+02:00 dE <de.techno@xxxxxxxxx>:
On 10/07/14 22:42, Daniel wrote:
SSLCertificateChainFile is deprecated in 2.4 in favour of SSLCaCertificateFile

2014-10-07 16:59 GMT+02:00 dE <de.techno@xxxxxxxxx>:
On 10/07/14 18:12, Igor Cicimov wrote:


On Tue, Oct 7, 2014 at 2:51 AM, dE <de.techno@xxxxxxxxx> wrote:
Hi.

I'm in a situation where I got 3 certificates

server.pem -- the end user certificate which is sent by the server to the client.
intermediate.pem -- server.pem is signed by intermediate.pem's private key.
issuer.pem -- intermediate.pem is signed by issuer.pem's private key.

combined.pem is created by --

cat server.pem intermediate.pem > combined.pem

Issuer.pem is installed in the web browser.

The chain is working, I can verify this via the SSL command --

cat intermediate.pem issuer.pem > cert_bundle.pem
openssl verify -CAfile cert_bundle.pem server.pem
server.pem: OK

However the browsers (FF, Chrome, Konqueror and wget) fail authentication, claiming there are no certificates to verify server.pem's signature.

I'm using Apache 2.4.10 with the following --

SSLCertificateFile /tmp/combined.pem
SSLCertificateKeyFile /tmp/server.key


Try this:

$ cat issuer.pem intermediate.pem > CA_chain.pem

  SSLCertificateFile server.pem
  SSLCertificateKeyFile server.key
  SSLCertificateChainFile CA_chain.pem


Tried this on Apache 2.2 (SSLCertificateChainFile does not work with 2.4) with the same issue.


No, you can see it here --

http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatechainfile

when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.
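
Added example, not part of the original thread: `openssl verify -CAfile cert_bundle.pem server.pem` places the intermediate in the trusted set, so it succeeds regardless of what the server sends. The sketch below checks the served file the way a client does, with only the root trusted; the function names, subjects and the throwaway chain are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Subjects and paths are constructed.

# Verify the way a client does: only ROOT is trusted, and intermediates must come
# from the file the server sends (leaf first). openssl verify checks the first
# certificate in the target file; -untrusted only supplies chain-building material.
# usage: check_served_chain ROOT.pem SERVED.pem
check_served_chain() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Build a throwaway issuer -> intermediate -> server chain in directory $1,
# plus combined.pem assembled as in the thread (server first, then intermediate).
make_test_chain() {
    d=$1
    # Minimal config so the run does not depend on a system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' 'CN=unused' \
        '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/o.cnf"
    # Self-signed root (the certificate installed in the browser).
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/o.cnf" -extensions v3_ca \
        -subj '/CN=Example Root' -days 1 \
        -keyout "$d/issuer.key" -out "$d/issuer.pem" 2>/dev/null || return 1
    # Keys and signing requests for the intermediate and the server.
    for n in intermediate server; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/o.cnf" \
            -subj "/CN=Example $n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    # The intermediate must carry CA:TRUE or chain building rejects it.
    openssl x509 -req -in "$d/intermediate.csr" -CA "$d/issuer.pem" \
        -CAkey "$d/issuer.key" -CAcreateserial -extfile "$d/o.cnf" \
        -extensions v3_ca -days 1 -out "$d/intermediate.pem" 2>/dev/null || return 1
    # The server certificate is signed by the intermediate.
    openssl x509 -req -in "$d/server.csr" -CA "$d/intermediate.pem" \
        -CAkey "$d/intermediate.key" -CAcreateserial -days 1 \
        -out "$d/server.pem" 2>/dev/null || return 1
    cat "$d/server.pem" "$d/intermediate.pem" > "$d/combined.pem"
}
```

`check_served_chain issuer.pem combined.pem` returns 0 when the file carries every intermediate a client needs; run against `server.pem` alone it fails, which is the same missing-issuer condition the browsers report.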

