Hi Keith,

Just append all the CA cert files in the chain into one file, then use
the ServerCAFile param to point to it. These CA cert files should be in
PEM format. We're using that here for our DoD CA chain and it works
great.

/s.

On Thursday, January 16, 2003, at 12:07  PM, Keith Paskett wrote:

Is there an nsopenssl equivalent to Apache + MOD SSL/OPEN SSL
SSLCertificateChainFile?

I have a certificate that was signed by a CA certificate that is not
in the netscape browser but a certificate up the chain is.

Root Cert (is in browser)
  |
   -- signs ->-
               |
   Cert X (not in browser)
     |
      -- signs ->-
                  |
      Cert Y (not in browser)
        |
         -- signs ->-
                     |
          My server certificate.

Apache installation instructions from the company that signed the Cert
say to put Root Cert, Cert X, and Cert Y in a file that Apache directive
'SSLCertificateChainFile' points to.

I can install Cert Y in my browser and all works well but I paid
to have my certificate signed (what a racket) so my users wouldn't
have to do that.

- Keith
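
An added example, not part of the original thread and not nsopenssl code: one way to build the single PEM file that the ServerCAFile param points to. Plain concatenation fuses the END and BEGIN lines when an input file lacks a trailing newline, so this re-emits every block cleanly, rejects input that is not PEM, and refuses any non-certificate block such as a private key. The function names are hypothetical and the sample bytes are constructed, not real certificates.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def extract_certs(pem_text, source="<input>"):
    """Return the DER bytes of every CERTIFICATE block found in pem_text."""
    ders = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label != "CERTIFICATE":
            # A CA file should carry certificates only, never key material.
            raise ValueError(f"{source}: unexpected PEM block {label!r}")
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # a certificate is a DER SEQUENCE
            raise ValueError(f"{source}: block is not DER-encoded")
        ders.append(der)
    if not ders:
        # Typical cause: the file is binary DER rather than PEM.
        raise ValueError(f"{source}: no PEM certificate found")
    return ders

def to_pem(der):
    """Encode DER bytes as one PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

def build_ca_bundle(pem_texts):
    """Join CA certificates, in the order given, into one PEM bundle."""
    seen, out = set(), []
    for i, text in enumerate(pem_texts):
        for der in extract_certs(text, f"input {i}"):
            if der not in seen:  # skip a certificate supplied twice
                seen.add(der)
                out.append(to_pem(der))
    return "".join(out)

if __name__ == "__main__":
    # Constructed stand-ins for Cert X and Cert Y (not real certificates).
    cert_x = to_pem(b"\x30\x82" + b"X" * 60)
    cert_y = to_pem(b"\x30\x82" + b"Y" * 60).rstrip("\n")  # no final newline
    print(build_ca_bundle([cert_x, cert_y]), end="")
```

Write the returned text to the file named by ServerCAFile.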
