Hi Keith, Just append all the CA cert files in the chain into one file, then use the ServerCAFile param to point to it. These CA cert files should be in PEM format. We're using that here for our DoD CA chain and it works great.
/s. On Thursday, January 16, 2003, at 12:07 PM, Keith Paskett wrote:
Is there an nsopenssl equivalent to Apache + MOD SSL/OPEN SSL SSLCertificateChainFile? I have a certificate that was signed by a CA certificate that is not in the netscape browser but a certificate up the chain is. Root Cert (is in browser) | -- signs ->- | Cert X (not in browser) | -- signs ->- | Cert Y (not in browser) | -- signs ->- | My server certificate. Apache installation instructions from the company that signed the Cert say to put Root Cert, Cert X, and Cert Y in a file that Apache directive 'SSLCertificateChainFile' points to. I can install Certy Y in my browser and all works well but I paid to have my certificate signed (what a racket) so my users wouldn't have to do that. - Keith