We also have: root CA -> sub CA -> client or server cert
We have put the root and sub CA in a directory pointed to by:
SSLCACertificatePath
In this directory we have the attached Makefile that we run to make a
hash of all CAs and link the result of the hash to each CA.
This works fine with apache 1.3.3x to the latest 2.4.
--
Martial Chartoire, Service Informatique | E-mail: [EMAIL PROTECTED]
Institut de Physique Nucleaire de Lyon | phone : +33 472 448 430
43, BD du 11 Novembre 1918 | fax : +33 472 448 004
F 69622 Villeurbanne Cedex |
##
## Makefile to keep the hash symlinks in SSLCACertificatePath up to date
## Copyright (c) 1998-2001 Ralf S. Engelschall, All Rights Reserved.
##

## Set SSL_PROGRAM to force a specific openssl/ssleay binary;
## when empty, the current directory and $PATH are searched.
SSL_PROGRAM=

## Remove the old links, then create <subject-hash>.<n> -> <file>.crt
## for every certificate that does not contain the marker SKIPME.
update: clean
	-@ssl_program="$(SSL_PROGRAM)"; \
	if [ ".$$ssl_program" = . ]; then \
	    for dir in . `echo $$PATH | sed -e 's/:/ /g'`; do \
	        for program in openssl ssleay; do \
	            if [ -f "$$dir/$$program" ]; then \
	                if [ -x "$$dir/$$program" ]; then \
	                    ssl_program="$$dir/$$program"; \
	                    break; \
	                fi; \
	            fi; \
	        done; \
	        if [ ".$$ssl_program" != . ]; then \
	            break; \
	        fi; \
	    done; \
	fi; \
	if [ ".$$ssl_program" = . ]; then \
	    echo "Error: neither 'openssl' nor 'ssleay' program found" 1>&2; \
	    exit 1; \
	fi; \
	for file in *.crt; do \
	    if [ ".`grep SKIPME $$file`" != . ]; then \
	        echo dummy |\
	        awk '{ printf("%-15s ... Skipped\n", file); }' \
	        "file=$$file"; \
	    else \
	        n=0; \
	        while [ 1 ]; do \
	            hash="`$$ssl_program x509 -noout -hash <$$file`"; \
	            if [ -r "$$hash.$$n" ]; then \
	                n=`expr $$n + 1`; \
	            else \
	                echo dummy |\
	                awk '{ printf("%-15s ... %s\n", file, hash); }' \
	                "file=$$file" "hash=$$hash.$$n"; \
	                ln -s $$file $$hash.$$n; \
	                break; \
	            fi; \
	        done; \
	    fi; \
	done

## Remove every existing hash link (names of the form <hex>.<digits>).
clean:
	-@rm -f [0-9a-fA-F]*.[0-9]*
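
Added example, not part of the original message or of the Makefile above: a read-only audit of an SSLCACertificatePath directory that reports hash links that dangle, links whose name no longer matches the subject hash of their target, and *.crt files with no link at all. The function name audit_ca_dir and the DANGLING/MISMATCH/UNREADABLE/UNLINKED labels are assumptions made for this example; SSL_PROGRAM mirrors the Makefile variable.

```sh
#!/bin/sh
# Added example: audit the hash symlinks that "make update" maintains.
# SSL_PROGRAM mirrors the Makefile variable; audit_ca_dir is a hypothetical name.
SSL_PROGRAM="${SSL_PROGRAM:-openssl}"

# audit_ca_dir DIR
# Prints one finding per line. Returns 0 if the directory is consistent,
# 1 if any finding was printed, 2 if DIR cannot be entered.
audit_ca_dir() {
    ( cd "$1" || exit 2
      status=0
      # 1. Every hash link must resolve and be named after its target's hash.
      for link in [0-9a-fA-F]*.[0-9]*; do
          [ -L "$link" ] || continue
          if [ ! -e "$link" ]; then
              echo "DANGLING $link"; status=1; continue
          fi
          hash=$("$SSL_PROGRAM" x509 -noout -hash <"$link" 2>/dev/null) || hash=""
          if [ "${link%.*}" != "$hash" ]; then
              echo "MISMATCH $link (subject hash: ${hash:-unreadable})"; status=1
          fi
      done
      # 2. Every *.crt without the SKIPME marker must be reachable via a link.
      for file in *.crt; do
          [ -f "$file" ] || continue
          if grep SKIPME "$file" >/dev/null 2>&1; then continue; fi
          hash=$("$SSL_PROGRAM" x509 -noout -hash <"$file" 2>/dev/null) || hash=""
          if [ -z "$hash" ]; then
              echo "UNREADABLE $file"; status=1; continue
          fi
          found=no
          for link in "$hash".[0-9]*; do
              if [ -L "$link" ] && [ "$link" -ef "$file" ]; then found=yes; fi
          done
          if [ "$found" = no ]; then echo "UNLINKED $file"; status=1; fi
      done
      exit $status )
}
```

OpenSSL 1.0.0 changed the subject hash algorithm, so links created by an older binary show up here as MISMATCH until the links are regenerated.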