Re: [users@httpd] SSLCertificateChainFile

2018-07-19 Thread Yehuda Katz
You can use a tool like https://www.ssllabs.com/ssltest/ to check the chain
(and other settings) or you can use openssl (openssl s_client -showcerts
-connect www.example.com:443).
As you found, putting the chain in the certificate file should work.

- Y

On Thu, Jul 19, 2018 at 2:47 PM  wrote:

> I am putting together a config for both RH6 and RH7 systems. RH6 used
> Apache/2.2.15, RH7 uses Apache/2.4.6.
>
> I understand that in 2.4.8 SSLCertificateChainFile is deprecated and the
> intermediates should be appended to the file that SSLCertificateFile
> points to.
>
> Can 2.2 and < 2.4.8 work properly if the SSLCertificateChainFile in the
> config is NOT used and instead the intermediates are appended to the file
> that SSLCertificateChainFile points to as you would in 2.4.8 and greater?
> Just thinking that if it will work correctly, the config would be the same
> now and when 2.4.8 and greater gets in place.
>
> We have done this on a test system and it seems to work, however I'm not
> sure if we are just fooling ourselves and it isn't even seeing the
> intermediates and the client just isn't complaining.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
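
The openssl check suggested in the reply above, as an added example that is not part of the original messages: it reads `openssl s_client -showcerts` output and reports how many certificates the server itself sent and whether each one is issued by the next. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `openssl s_client -showcerts`
# output on stdin and reports what the server itself sent.
chain_report() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { certs++ }
        # " N s:<subject>" opens the entry for the certificate at depth N.
        /^ *[0-9]+ s:/ {
            sub(/^ *[0-9]+ s:/, "")
            # Every certificate after the leaf must be the issuer of the previous one.
            if (entries > 0 && $0 != issuer) broken = 1
            entries++
            next
        }
        /^ +i:/ { sub(/^ +i:/, ""); issuer = $0 }
        END {
            if (certs == 0)      print "no-certificates"
            else if (certs == 1) print "leaf-only"
            else if (broken)     print "chain-mismatch"
            else                 print "leaf-plus-" (certs - 1) "-intermediates"
        }
    '
}

# Constructed sample output (PEM bodies are placeholders, not real
# certificates): the server sends the leaf and one intermediate.
sample_with_chain() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=www.example.com
   i:/CN=Example Intermediate CA
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
 1 s:/CN=Example Intermediate CA
   i:/CN=Example Root CA
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
---
EOF
}

# The same constructed server with the intermediate missing from the served file.
sample_leaf_only() { sample_with_chain | sed '/^ 1 s:/,$d'; }

# Live use (assumes openssl on PATH): check_server www.example.com 443
check_server() {
    openssl s_client -showcerts -servername "$1" -connect "$1:${2:-443}" \
        </dev/null 2>/dev/null | chain_report
}
```

A result of `leaf-only` means the server is not sending the intermediates, whether or not a given client complains.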


[users@httpd] SSLCertificateChainFile

2018-07-19 Thread apache
I am putting together a config for both RH6 and RH7 systems. RH6 used
Apache/2.2.15, RH7 uses Apache/2.4.6.

I understand that in 2.4.8 SSLCertificateChainFile is deprecated and the
intermediates should be appended to the file that SSLCertificateFile points
to.

Can 2.2 and < 2.4.8 work properly if the SSLCertificateChainFile in the config
is NOT used and instead the intermediates are appended to the file that
SSLCertificateChainFile points to as you would in 2.4.8 and greater? Just
thinking that if it will work correctly, the config would be the same now and
when 2.4.8 and greater gets in place.

We have done this on a test system and it seems to work, however I'm not sure 
if we are just fooling ourselves and it isn't even seeing the intermediates and 
the client just isn't complaining. 
