httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Gearls <nickgea...@gmail.com>
Subject Re: Certificate chain order not conform to TLS standard
Date Thu, 13 Aug 2009 06:50:45 GMT
I tried both order:

	 SSLCertificateFile       conf/ssl/server.pem
	 SSLCertificateChainFile  conf/ssl/chain.pem

where server.pem contains both the cert and the private key,
and chain.pem contains either CA/root or root/CA


Plüm, Rüdiger, VF-Group wrote:
>  
> 
>> -----Original Message-----
>> From: Nick Gearls [mailto:nickgearls@gmail.com] 
>> Sent: Mittwoch, 12. August 2009 16:32
>> To: Development Apache
>> Subject: Certificate chain order not conform to TLS standard
>>
>> Hello,
>>
>> I get problems with a picky SSL client complaining that 
>> Apache does not 
>> send the certificate chain in the right order (server/CA/root).
>> Is that possible? Doesn't Apache (I am using 2.2.4) honor the RFC?
> 
> This is not a matter of httpd but a matter in which order you
> put the certificates of the chain in the chainfile.
> Try changing their order in the chainfile.
> 
> 
> Regards
> 
> Rüdiger
> 
> 

Mime
View raw message