httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fiedler Roman <Roman.Fied...@ait.ac.at>
Subject AW: [users@httpd] ssl setup checking
Date Wed, 09 Oct 2013 12:15:08 GMT
> Von: Robin Becker [mailto:robin@reportlab.com]
> 
> On 07/10/2013 20:26, Yehuda Katz wrote:
> > OpenSSL supports each of the options you need (one at a time).
> > http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/
> > Just add the server to the hosts file.
> >
> > - Y
> ......
> thanks for the above, certainly bits of my setup are OK, but now the dns has
> gone live and various checkers are saying that the chain is broken.
> 
> I used the instructions for GlobalSign Extended, but I'm not sure how to
> make
> use of three certs from them; ie I don't know what to do with the cross
> certificate. See
> 
> https://support.globalsign.com/customer/portal/articles/1223443-
> intermediate-certificate---extendedssl
> 
> where it says
> 
> "As an ExtendedSSL customer you must install your end entity ExtendedSSL
> Certificate (received by email) and both the ExtendedSSL CA - G2
> Intermediate
> Certificate and the GlobalSign Cross Certificate to your web server."
> 
> 
> 
> 
> So I have my cert the GS root cert and the intermediate cert pointed at by
> the
> apache conf like this
> 
> > SSLCertificateFile /xxxx/etc/certs/myhost.com.crt
> > SSLCertificateKeyFile /xxxx/etc/certs/myhost.key
> > SSLCACertificateFile /xxxx/etc/certs/globalsign-root-ca-rc2.crt
> > SSLCertificateChainFile /xxxx/etc/certs/globalsign-intermediate-
> extended.crt

Unless you want to use client certificates from globalsign, "SSLCACertificateFile" will not
make sense. See [1]

Roman

[1] http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message