I tried both order:
SSLCertificateFile conf/ssl/server.pem
SSLCertificateChainFile conf/ssl/chain.pem
where server.pem contains both the cert and the private key,
and chain.pem contains either CA/root or root/CA
Plüm, Rüdiger, VF-Group wrote:
-----Original Message-----
From: Nick Gearls [mailto:[email protected]]
Sent: Mittwoch, 12. August 2009 16:32
To: Development Apache
Subject: Certificate chain order not conform to TLS standard
Hello,
I get problems with a picky SSL client complaining that
Apache does not
send the certificate chain in the right order (server/CA/root).
Is that possible? Doesn't Apache (I am using 2.2.4) honor the RFC?
This is not a matter of httpd but a matter in which order you
put the certificates of the chain in the chainfile.
Try changing their order in the chainfile.
Regards
Rüdiger
