https://issues.apache.org/bugzilla/show_bug.cgi?id=56407
Kaspar Brand <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |INVALID OS|Linux |All --- Comment #1 from Kaspar Brand <[email protected]> --- (In reply to Scott van Looy from comment #0) > This helpful warning appeared to me when I was checking some config: > AH02559: The SSLCertificateChainFile directive > (/etc/httpd/conf.d/ssl.conf:133) is deprecated, SSLCertificateFile should be > used instead > It appears to be incorrect, it should say “SSLCACertificateFile should be > used instead” shouldn’t it? No, SSLCACertificateFile is about configuring CA certificates you trust for client authentication, which is different from the (intermediate) CA certificates you configure for the server's own certificate. > I tried using SSLCertificateFile and nothing worked. Note that the file pointed to by SSLCertificateFile needs to have both the server certificate and the intermediate CA certificates. Quoting from http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile: "This directive points to a file with certificate data in PEM format. At a minimum, the file must include an end-entity (leaf) certificate. Beginning with version 2.4.8, it may also include intermediate CA certificates, sorted from leaf to root, and obsoletes SSLCertificateChainFile." I.e., to update your configuration to no longer rely on SSLCertificateChainFile, you need to append the contents of the chain file to those already in SSLCertificateFile. I'm closing this bug, as the warning message itself is correct. If there's something in the documentation which could be improved, then let us know. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
