httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fiedler Roman <Roman.Fied...@ait.ac.at>
Subject AW: AW: [users@httpd] ssl setup checking
Date Wed, 09 Oct 2013 12:32:53 GMT
> Von: Robin Becker [mailto:robin@reportlab.com]
> 
> On 09/10/2013 13:15, Fiedler Roman wrote:
> ..........
> >
> > Unless you want to use client certificates from globalsign,
> "SSLCACertificateFile" will not make sense. See [1]
> >
> > Roman
> >
> > [1]
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile
> ..........
> 
> This page https://support.globalsign.com/customer/portal/articles/1225234
> says
> explicitly that I need the SSLCACertificateFile directive

Strange, perhaps I misread the configuration or this is just required so that NSA can login
if you happen to want to use client-certificates also.

> > Your virtual host section will need to contain the following directives:
> >
> >     SSLCACertificateFile - This will need to point to the appropriate
> GlobalSign root CA certificate.
> >     SSLCertificateChainFile - This will need to point to the appropriate
> intermediate root CA certificates you previously created in Step 1 above.
> >     SSLCertificateFile - This will need to point to the end entity certificate.
> This is the certificate you have called "mydomain.crt."
> >     SSLCertificateKeyFile - This will need to point to the private key file
> associated with your certificate.
> 
> what I don't understand is where the cross certificate goes.

I've just put all chain certificates into " SSLCertificateChainFile", nothing else was required
on apache2.2. But we had problems with some clients, that still did not want to accept the
chain, mostly on mobile devices.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message