httpd-users mailing list archives

From daniel bryan <danbrya...@gmail.com>
Subject Re: [users@httpd] How to set an empty certificate Chain?
Date Sat, 25 Jan 2014 20:06:23 GMT
Why have it be blank? Can't you just make the chain be itself if there is
no issuer?

SSLCertificateChainFile /etc/ssl/private/vhost.chain


On Sat, Jan 25, 2014 at 1:51 PM, Hanno Böck <hanno@hboeck.de> wrote:

> Hi,
>
> I have some kind of tricky SSL configuration issue. I have a server
> that has a certificate with an intermediate certificate as the default.
> However, I have one virtual host which only has a certificate with no
> intermediate.
>
> So something like this:
> SSLCertificateFile /etc/ssl/private/apache.crt
> SSLCertificateKeyFile /etc/ssl/private/apache.key
> SSLCertificateChainFile /etc/ssl/private/apache.chain
> <VirtualHost *:443>
> [...]
> SSLCertificateFile /etc/apache2/certs/private/somecert.crt
> SSLCertificateKeyFile /etc/apache2/certs/private/somecert.key
> </VirtualHost>
>
> What happens now is that the vhost with the single certificate ships
> the default intermediate.
>
> If I set SSLCertificateChainFile to an empty file in the config, apache
> tells me:
> AH00526: Syntax error on line [...] of [...]:
> SSLCertificateChainFile: file '/etc/apache2/chains/empty.pem' does not
> exist or is empty
>
> Well, yeah. It is empty. Because I want it empty. However, it seems
> apache thinks that's a syntax error.
>
> Is there any way to configure this? If not I think this is a bug. It is
> completely valid to have a vhost with no certificate chain.
>
>
> cu,
> --
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: hanno@hboeck.de
> GPG: BBB51E42
>
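
A config check for the situation described in the message above, added here as an example (not code from the thread or from the httpd project): it flags vhosts that set their own SSLCertificateFile but no SSLCertificateChainFile while a server-level chain is configured, which is the case the original poster reports as shipping the default intermediate. The sample config, the ServerName values and the function name are constructed; Include directives are not followed.

```python
import re

# Constructed sample config mirroring the layout in the quoted message.
SAMPLE_CONF = """\
SSLCertificateFile /etc/ssl/private/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
SSLCertificateChainFile /etc/ssl/private/apache.chain
<VirtualHost *:443>
    ServerName single.example
    SSLCertificateFile /etc/apache2/certs/private/somecert.crt
    SSLCertificateKeyFile /etc/apache2/certs/private/somecert.key
</VirtualHost>
<VirtualHost *:443>
    ServerName chained.example
    SSLCertificateFile /etc/apache2/certs/private/other.crt
    SSLCertificateKeyFile /etc/apache2/certs/private/other.key
    SSLCertificateChainFile /etc/apache2/certs/private/other.chain
</VirtualHost>
"""

DIRECTIVE = re.compile(
    r"(SSLCertificateFile|SSLCertificateChainFile|ServerName)\s+(\S+)", re.I)

def inherited_chains(conf_text):
    """Return (vhost, cert, inherited_chain) for vhosts with their own cert but no own chain."""
    server, vhosts, current = {}, [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        low = line.lower()
        if low.startswith("<virtualhost"):
            current = {"addr": line[len("<virtualhost"):].rstrip(">").strip()}
        elif low.startswith("</virtualhost") and current is not None:
            vhosts.append(current)
            current = None
        else:
            m = DIRECTIVE.match(line)
            if m:  # record the directive in server scope or in the open vhost
                scope = server if current is None else current
                scope[m.group(1).lower()] = m.group(2).strip('"')
    default_chain = server.get("sslcertificatechainfile")
    return [(vh.get("servername", vh["addr"]), vh["sslcertificatefile"], default_chain)
            for vh in vhosts
            if default_chain and "sslcertificatefile" in vh
            and "sslcertificatechainfile" not in vh]

if __name__ == "__main__":
    for name, cert, chain in inherited_chains(SAMPLE_CONF):
        print(f"{name}: {cert} has no chain of its own, inherits {chain}")
```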
