[users@httpd] Acceptable client certificate CA names Limitations

2015-03-13 Thread daniel bryan
Hello, I have Apache 2.4 (win32) and have the following in my CA bundle: Root 1, Subordinate 1, Subordinate 2. My server was signed off Subordinate 1. When I do openssl s_client -connect server:443 it shows both Subordinate 1 and Subordinate 2 in the acceptable CA names. If I remove Subordinate 2

Re: [users@httpd] 2 server certificates

2014-12-23 Thread daniel bryan
It sounds like you have 1 website, and you want to make sure both public users and LAN users can see the content. I think it's best to do as Jason suggested and use the public hostname as the CN, and do a subject alt DNS name of the server.lan or you could create DNS records in your LAN to resolve

[users@httpd] OCSP & CRL working together

2014-02-04 Thread daniel bryan
Hello all, I have been attempting to configure httpd to support a hybrid mix of CRL and OCSP checking. Currently I have 2 CAs, CA1 and CA2. My OCSP responder generates data for CA1, and I have a CRL published for CA2. I have created 2 client auth certificates for testing. When I enable only OCSP

[users@httpd] Multiple OCSP Responders

2014-02-04 Thread daniel bryan
Is there a way to configure httpd to use specific responders for specific issuers? For example: Suppose I have 2 self-signed root CAs, CA1 and CA2. I also have 2 OCSP responders, RSP1 signed off CA1 and RSP2 signed off CA2. I would like to know if it's possible to configure a web server to sen

Re: [users@httpd] How to set an empty certificate Chain?

2014-01-29 Thread daniel bryan
Would you mind sharing the benefit of having an empty chain? I thought the chain should always at least include the server cert. On Wed, Jan 29, 2014 at 6:27 PM, Hanno Böck wrote: > If anyone wonders: I now learned that there is a way to configure an > empty chain. > You can't have an empty (0 b

Re: [users@httpd] How to set an empty certificate Chain?

2014-01-25 Thread daniel bryan
Why have it be blank? Can't you just make the chain be itself if there is no issuer? SSLCertificateChainFile /etc/ssl/private/vhost.chain On Sat, Jan 25, 2014 at 1:51 PM, Hanno Böck wrote: > Hi, > > I have some kind of tricky SSL configuration issue. I have a server > that has a certificate