httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robin Becker <ro...@reportlab.com>
Subject Re: [users@httpd] ssl setup checking
Date Wed, 09 Oct 2013 11:41:56 GMT
On 07/10/2013 20:26, Yehuda Katz wrote:
> OpenSSL supports each of the options you need (one at a time).
> http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/
> Just add the server to the hosts file.
>
> - Y
......
thanks for the above, certainly bits of my setup are OK, but now the dns has 
gone live and various checkers are saying that the chain is broken.

I used the instructions for GlobalSign Extended, but I'm not sure how to make 
use of three certs from them; ie I don't know what to do with the cross 
certificate. See

https://support.globalsign.com/customer/portal/articles/1223443-intermediate-certificate---extendedssl

where it says

"As an ExtendedSSL customer you must install your end entity ExtendedSSL 
Certificate (received by email) and both the ExtendedSSL CA - G2 Intermediate 
Certificate and the GlobalSign Cross Certificate to your web server."




So I have my cert the GS root cert and the intermediate cert pointed at by the 
apache conf like this

> SSLCertificateFile /xxxx/etc/certs/myhost.com.crt
> SSLCertificateKeyFile /xxxx/etc/certs/myhost.key
> SSLCACertificateFile /xxxx/etc/certs/globalsign-root-ca-rc2.crt
> SSLCertificateChainFile /xxxx/etc/certs/globalsign-intermediate-extended.crt


but where / how do I inject the 'cross' certificate?

-- 
Robin Becker

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message