httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yehuda Katz <yeh...@ymkatz.net>
Subject Re: [users@httpd] SSLCertificateChainFile
Date Fri, 20 Jul 2018 02:34:10 GMT
You can use a tool like https://www.ssllabs.com/ssltest/ to check the chain
(and other settings) or you can use openssl (openssl s_client -showcerts
-connect www.example.com:443).
As you found, putting the chain in the certificate file should work.

- Y

On Thu, Jul 19, 2018 at 2:47 PM <apache@buglecreek.com> wrote:

> I am putting to together a config for both RH6 and RH7 systems.  RH6 used
> Apache/2.2.15, RH7 uses Apache/2.4.6.
>
> I understand that in 2.4.8 SSLCertificateChainFile is deprecated and the
> intermediates should be appended to  the file that SSLCertificateFile
> points to.
>
> Can 2.2 and < 2.4.8 work properly if the SSLCertificateChainFile in the
> config is NOT used and instead the intermediates are appended the file
> that  SSLCertificateChainFile points to as you would in 2.4.8 and greater.
> Just thinking that if it will work correctly, the config would be the same
> now and when 2.4.8 and greater  gets in place.
>
> We have done this on a test system and it seems to work, however I'm not
> sure if we are just fooling ourselves and it isn't even seeing the
> intermediates and the client just isn't complaining.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message