[Spce-user] Configuring SSL certificates
Kevin Blackman
KBLACKMA at WISEKEY.COM
Wed Mar 7 18:58:42 EST 2012
Thanks, I considered the option to modify the Apache config directly, but wanted to be sure first given that you rewrite some config files.
We usually specify these in the virtual site configs, which seem to be rewritten.
Will follow the method below
Thanks, Kevin
-----Original Message-----
From: Andrew Pogrebennyk [mailto:apogrebennyk at sipwise.com]
Sent: Wednesday, March 07, 2012 8:25 PM
To: Kevin Blackman
Cc: spce-user at lists.sipwise.com
Subject: Re: [Spce-user] Configuring SSL certificates
On 03/07/2012 07:49 PM, Kevin Blackman wrote:
> OK - this has been resolved, seems it was an issue of white space at the end of the lines in the CRT and crt files.
> The query concerning intermediate CA file config via config.yml remains open...
Please check
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile
AFAIR if you the following trust heirarchy:
trusted root
- inter 1
- inter 2
- server.example.com.crt
You may construct the crt file in this exact order:
cat server.example.com.crt > chain-server.example.com.crt cat inter2.crt >> chain-server.example.com.crt cat inter1.crt >> chain-server.example.com.crt
And then specify resulting file in SSLCertificateChainFile.
The apache configuration is not under templates (yet) so you can edit your httpd.conf directly.
More information about the Spce-user
mailing list