SSL/TLS question
Wil Cooley
wcooley at nakedape.cc
Thu Jan 15 02:44:00 EST 2004
On Wed, 2004-01-14 at 16:05, Joe Rhett wrote:
> Use the exact same files for the web server as for the Cyrus mail server.
> They're both using the same library.
Well, in Apache I have the following, in addition to the usual
'SSLCertificateFile' and 'SSLCertificateKeyFile' directives:
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca-bundle-comodo.crt
Are you saying that I can can just cat this file with my issued cert and
it will work just fine? Hm... I guess I could just test this with a
test installation and some /etc/hosts entries.
> And no, the CA file is to verify client certs. In this case you put the
> certificate and the intermediary certificate in the same file (*.cert)
> You don't need a tls_ca_file unless you are verifying client certs.
> (unlikely)
Yeah, that's what I figured; thanks for the clarification.
Wil
--
Wil Cooley wcooley at nakedape.cc
Naked Ape Consulting http://nakedape.cc
* * * * * * Linux Services for Small Businesses * * * * * *
* Naked Ape Consulting http://nakedape.cc *
* Naked Ape Business Server http://nakedape.cc/r/smb *
* Easy, reliable solutions for small businesses *
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20040114/0c95da17/attachment.bin
More information about the Info-cyrus
mailing list