--- Comment #5 from Tim Landscheidt <t...@tim-landscheidt.de> ---
I played around with it a bit yesterday, but any attempt appeared futile.
On tools-webproxy, I made sure RapidSSL_CA.pem was in /etc/ssl/certs, up to
date and had a symlink. I've set SSLCACertificatePath to /etc/ssl/certs, shut
down and started up Apache, and still only the server certificate was served
either to online test sites or "echo | openssl s_client -connect
tools.wmflabs.org:443 | less".
I set SSLCertificateChainFile to tools.wmflabs.org.chained.pem which I created
by "cat tools.wmflabs.org.pem RapidSSL_CA.pem GeoTrust_Global_CA.pem >
tools.wmflabs.org.chained.pem", yet: Nada.
I've renamed tools.wmflabs.org.chained.pem to tools.wmflabs.org.pem to have
Apache read the chained certificate as its only SSLCertificateFile option, and
still only the server certificate was served; and in all cases, after a proper
shutdown & start.
So, Coren, after this experience and recently watching RobH fiddle with
wikitech's certificate for hours to get it right, a checklist: "File x should
have one -- CERTIFICATE -- session", "Directive y should point to file Z", etc.
would be greatly appreciated :-).
You are receiving this mail because:
You are on the CC list for the bug.
Wikibugs-l mailing list