https://bugzilla.wikimedia.org/show_bug.cgi?id=52630

--- Comment #5 from Tim Landscheidt <t...@tim-landscheidt.de> ---
I played around with it a bit yesterday, but any attempt appeared futile.

On tools-webproxy, I made sure RapidSSL_CA.pem was in /etc/ssl/certs, up to
date and had a symlink.  I've set SSLCACertificatePath to /etc/ssl/certs, shut
down and started up Apache, and still only the server certificate was served
either to online test sites or "echo | openssl s_client -connect
tools.wmflabs.org:443 | less".

I set SSLCertificateChainFile to tools.wmflabs.org.chained.pem which I created
by "cat tools.wmflabs.org.pem RapidSSL_CA.pem GeoTrust_Global_CA.pem >
tools.wmflabs.org.chained.pem", yet: Nada.

I've renamed tools.wmflabs.org.chained.pem to tools.wmflabs.org.pem to have
Apache read the chained certificate as its only SSLCertificateFile option, and
still only the server certificate was served; and in all cases, after a proper
shutdown & start.

So, Coren, after this experience and recently watching RobH fiddle with
wikitech's certificate for hours to get it right, a checklist: "File x should
have one -- CERTIFICATE -- session", "Directive y should point to file Z", etc.
would be greatly appreciated :-).

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to