On 10/07/14 22:42, Daniel wrote:
SSLCertificateChainFile is deprecated in 2.4 in favour of SSLCaCertificateFile

2014-10-07 16:59 GMT+02:00 dE <de.tec...@gmail.com>:

    On 10/07/14 18:12, Igor Cicimov wrote:


    On Tue, Oct 7, 2014 at 2:51 AM, dE <de.tec...@gmail.com> wrote:

        Hi.

        I'm in a situation where I got 3 certificates

        server.pem -- the end user certificate which is sent by the
        server to the client.
        intermediate.pem -- server.pem is signed by
        intermediate.pem's private key.
        issuer.pem -- intermediate.pem is signed by issuer.pem's
        private key.

        combined.pem is created by --

        cat server.pem intermediate.pem > combined.pem

        Issuer.pem is installed in the web browser.

        The chain is working, I can verify this via the SSL command --

        cat intermediate.pem issuer.pem > cert_bundle.pem
        openssl verify -CAfile cert_bundle.pem server.pem
        server.pem: OK

        However the browsers (FF, Chrome, Konqueror and wget) fail
        authentication, claiming there are no certificates to verify
        server.pem's signature.

        I'm using Apache 2.4.10 with the following --

        SSLCertificateFile /tmp/combined.pem
        SSLCertificateKeyFile /tmp/server.key


    Try this:

    $ cat issuer.pem intermediate.pem > CA_chain.pem

      SSLCertificateFile server.pem
      SSLCertificateKeyFile server.key
      SSLCertificateChainFile CA_chain.pem


    Tried this on Apache 2.2 (SSLCertificateChainFile does not work
    with 2.4) with the same issue.



No, you can see it here --

http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatechainfile

   when SSLCertificateFile
   <http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile>
   was extended to also load intermediate CA certificates from the
   server certificate file.
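
Added example, not part of the thread: a shell sketch that builds a throwaway three-tier chain under the thread's file names and checks a certificate file the way a client would, trusting only issuer.pem and treating every certificate after the first one in the file as chain material sent by the server. The subjects, the 2-day lifetime and the helper names (new_csr, make_chain, served_chain_ok) are assumptions.

```shell
#!/bin/sh
# Constructed test chain using the thread's file names; subjects are made up.
new_csr() {  # $1=basename, $2=CN; writes $d/$1.key and $d/$1.csr
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
}

make_chain() {  # $1=output directory
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
    new_csr issuer "Example Root" &&
    openssl x509 -req -in "$d/issuer.csr" -signkey "$d/issuer.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/issuer.pem" 2>/dev/null &&
    new_csr intermediate "Example Intermediate" &&
    openssl x509 -req -in "$d/intermediate.csr" -CA "$d/issuer.pem" -CAkey "$d/issuer.key" \
        -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/intermediate.pem" 2>/dev/null &&
    new_csr server "www.example.test" &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/intermediate.pem" -CAkey "$d/intermediate.key" \
        -set_serial 3 -days 2 -out "$d/server.pem" 2>/dev/null &&
    cat "$d/server.pem" "$d/intermediate.pem" > "$d/combined.pem"
}

# Verify a file the way a client sees it: the first certificate is the leaf, any
# further certificates are untrusted chain material, and only $2 is trusted.
served_chain_ok() {  # $1=file given to SSLCertificateFile, $2=trusted root
    t=$(mktemp -d) || return 1
    : > "$t/rest.pem"
    awk -v t="$t" '/BEGIN CERTIFICATE/{n++}
        n{print > (t (n==1 ? "/leaf.pem" : "/rest.pem"))}' "$1"
    if [ -s "$t/rest.pem" ]; then
        openssl verify -CAfile "$2" -untrusted "$t/rest.pem" "$t/leaf.pem" 2>/dev/null
    else
        openssl verify -CAfile "$2" "$t/leaf.pem" 2>/dev/null
    fi | grep -q ': OK$'
    rc=$?; rm -rf "$t"; return $rc
}

d=$(mktemp -d) && make_chain "$d"
served_chain_ok "$d/combined.pem" "$d/issuer.pem" && echo "leaf + intermediate: OK"
served_chain_ok "$d/server.pem" "$d/issuer.pem" || echo "leaf only: chain incomplete"
rm -rf "$d"
```

Unlike a check that places intermediate.pem in the -CAfile bundle, this fails when the file handed to the server lacks the intermediate.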
