[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8586) load cert+chain from TLSCertificateFile

FWIW, tls_g already has the behaviour that (I think) this ticket asks 
for: if you set TLSCertificateFile to a file containing concatenated 
server and intermediate certs, it sends the chain of both.

I found that useful in a setup very similar to what Andreas and Michael 
describe: slapd with a server certificate issued by an external/public 
CA, but trusting only a specific internal CA to authenticate clients.

The comparison to mod_ssl is apt. Note that in recent versions httpd 
also supports loading the entire chain from SSLCertificateFile.