httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Montague <m...@catseye.org>
Subject Re: [users@httpd] enable HTTPD to support multi-layer certificates (ca chain)
Date Thu, 08 Mar 2012 12:58:51 GMT
On March 8, 2012 2:09 , "Durairaj, Srinivasan (NSN - IN/Hyderabad)" 
<srinivasan.durairaj@nsn.com> wrote:
> I want to enable HTTPD to support multi-layer certificates (ca chain).
> I had 2 options
> Option 1:
> We can configure SSLCertificateFile (EE file) and SSLCertificateChainFile (CA Chain)
>
> Option 2:
> We can configure SSLCertificateFile (EE+CA Chain)
>
> When we tested we found that Option 1 worked and Option 2 did not.
> Any idea if I have missed anything in Option 2 or how to make Option 2 work
> HTTP version Is 2.2.3

Why do you think Option 2 should work?  What is bad about Option 1?  
What problem are you trying to solve?

The documentation is pretty clear.  
https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatefile 
says that the file specified by SSLCetificateFile contains the 
certificate for the server and, optionally, the private key.  It does 
not mention anything about CA certificates.  On the other hand, 
https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile 
says that SSLCertificateChainFile specifies the "all-in-one" file 
containing certificates from the server certificate up through and 
including the root CA certificate.

--
   Mark Montague
   mark@catseye.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message