You can use a tool like https://www.ssllabs.com/ssltest/ to check the chain (and other settings) or you can use openssl (openssl s_client -showcerts -connect www.example.com:443). As you found, putting the chain in the certificate file should work.
- Y On Thu, Jul 19, 2018 at 2:47 PM <apa...@buglecreek.com> wrote: > I am putting to together a config for both RH6 and RH7 systems. RH6 used > Apache/2.2.15, RH7 uses Apache/2.4.6. > > I understand that in 2.4.8 SSLCertificateChainFile is deprecated and the > intermediates should be appended to the file that SSLCertificateFile > points to. > > Can 2.2 and < 2.4.8 work properly if the SSLCertificateChainFile in the > config is NOT used and instead the intermediates are appended the file > that SSLCertificateChainFile points to as you would in 2.4.8 and greater. > Just thinking that if it will work correctly, the config would be the same > now and when 2.4.8 and greater gets in place. > > We have done this on a test system and it seems to work, however I'm not > sure if we are just fooling ourselves and it isn't even seeing the > intermediates and the client just isn't complaining. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >