Hi Harard
> from the root CA to the web server certificate we have several levels.
Is
> there a way to offer the web browser all certificates in this chain,
which
> can than be saved in the browser certificate database in one gulp?
>
> I saw that there are directive in Apache to do this, but my first steps
> went fail. If someone could give me a short description or example how
to
> do it, I would be very glad.
The directive is:
SSLCertificateChainFile /opt/apache/conf/ssl.crt/server_chain.crt
It should contain the PEM encoded certificate chain of the CA that signed
the server certificate one after the other (root, internediates). You
don't have to pu the server certificate itself in it, this will be taken
from
SSLCertificateFile /opt/apache/conf/ssl.crt/server.crt
as usual.
This works very well until you start to do client authentication with the
same CA, then you are more or less fucked.
Bye
Tim
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
