On Mon, Mar 08, 1999, Marc Jadoul wrote:
> From RFC2246 (TLS V1.0)
>
> certificate_list
> This is a sequence (chain) of X.509v3 certificates. The sender's
> certificate must come first in the list. Each following
> certificate must directly certify the one preceding it. Because
> certificate validation requires that root keys be distributed
> independently, the self-signed certificate which specifies the
> root certificate authority may optionally be omitted from the
> chain, under the assumption that the remote end must already
> possess it in order to validate it in any case.
>
> In mod_ssl there is a chain for client authentication
> (SSLCACertificatePath, SSLCACertificateFile), but I do not see where to
> configure the chain for the server certificate.
>
> Is there somewhere a possibility to configure this chain to send with
> the server certificate?

OpenSSL picks up the server's cert chain also from SSLCACertificate{Path,File}
when available there. So, all you've to do is to place the cert chain for the
server also into this location and mod_ssl is able to send it out in the SSL
handshake phase.

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
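
The setup described in the reply above, written out as a configuration fragment. This is an added example, not part of the original thread or of the mod_ssl distribution; the host name and all file paths are hypothetical placeholders.

```apache
# Added example: server certificate chain supplied through SSLCACertificateFile,
# as described in the reply. Host name and paths are hypothetical.
<VirtualHost _default_:443>
    ServerName www.example.com
    SSLEngine on

    # The server's own (leaf) certificate and its private key.
    SSLCertificateFile    /usr/local/apache/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

    # PEM bundle holding the CA certificate(s) that certify server.crt,
    # i.e. the intermediate CA(s) between the leaf and the root.
    # Per the RFC 2246 text quoted in the question, the self-signed root
    # may be omitted from what is sent, since the client must already
    # possess it to validate the chain.
    SSLCACertificateFile  /usr/local/apache/conf/ssl.crt/ca-bundle.crt

    # As the question notes, SSLCACertificateFile/Path also define the CAs
    # used for client authentication. Any CA placed there for the server
    # chain is therefore also accepted as an issuer of client certificates
    # whenever client verification is switched on. It is off here.
    SSLVerifyClient none
</VirtualHost>
```

If client authentication is enabled later, review the bundle first so that CAs added only to complete the server chain do not become trusted issuers of client certificates.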