SSL/TLS question

Wil Cooley wcooley at
Thu Jan 15 02:44:00 EST 2004

On Wed, 2004-01-14 at 16:05, Joe Rhett wrote:
> Use the exact same files for the web server as for the Cyrus mail server.
> They're both using the same library.

Well, in Apache I have the following, in addition to the usual
'SSLCertificateFile' and 'SSLCertificateKeyFile' directives:

SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca-bundle-comodo.crt

Are you saying that I can can just cat this file with my issued cert and
it will work just fine?  Hm... I guess I could just test this with a
test installation and some /etc/hosts entries.

> And no, the CA file is to verify client certs.  In this case you put the
> certificate and the intermediary certificate in the same file (*.cert)
> You don't need a tls_ca_file unless you are verifying client certs.
> (unlikely)

Yeah, that's what I figured; thanks for the clarification.

Wil Cooley                                 wcooley at
Naked Ape Consulting              
* * * * * *  Linux Services for Small Businesses  * * * * * *
* Naked Ape Consulting          *
* Naked Ape Business Server  *
*       Easy, reliable solutions for small businesses       *
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the Info-cyrus mailing list