
Difference Between SSLCACertificateFile and SSLCertificateChainFile

I provide SSL pages on my web server, and I have a question. What is the difference between SSLCACertificateFile and SSLCertificateChainFile?

When I use SSLCertificateChainFile, I get warnings from a Japanese cellular phone browser, but when I use a PC browser (like IE, FF), there is no problem. On the other hand, SSLCACertificateFile didn't cause any problem for either browser.

Is there any difference when browsers connect to Apache?

nam asked Dec 14 '09 09:12


People also ask

What is SSLCACertificateFile?

SSLCACertificateFile, according to the Apache httpd docs, is a directive that sets the all-in-one file where you can assemble the certificates of Certification Authorities (CA) whose clients you deal with. These are used for client authentication.

What is Sslcertificatekeyfile?

If SSLCertificateChainFile is specified, the webserver will attach the associated certificates (to build up a whole chain to a Root CA) to the webserver certificate.

Where is Sslcertificatefile?

The file may be called httpd.conf, apache2.conf or ssl.conf and may be located at /etc/httpd/, /etc/apache2/ or /etc/httpd/conf.

What is Ssl_module in Apache?

mod_ssl is an optional module for the Apache HTTP Server. It provides strong cryptography for the Apache v1.3 and v2 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) cryptographic protocols with the help of the Open Source SSL/TLS toolkit OpenSSL.


1 Answer

SSLCertificateChainFile was a correct option to choose but this directive became obsolete as of Apache 2.4.8. This directive caused the listed file to be sent along with the certificate to any clients that connect.

SSLCACertificateFile (hereafter "CACert") supersedes SSLCertificateChainFile (hereafter "Chain"), and additionally permits the use of the cert in question to sign client certificates. This sort of authentication is quite rare (at least for the moment), and if you aren't using it, there's IMHO no reason to augment its functionality by using CACert instead of Chain. On the flipside, one could argue that there's no harm in the additional functionality, and CACert covers all cases. Both arguments are valid.

Needless to say, if you ask the cert vendor, they'll always push for CACert over Chain, since it gives them another thing (client certs) that they can potentially sell you down the line. ;)

2 revs, 2 users 57% answered Sep 29 '22 21:09
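What sending the chain "along with the certificate" changes for a client that trusts only the root can be reproduced offline with openssl. This is an added example, not part of the question or the answer; the throwaway three-certificate PKI, the file names and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed throwaway PKI (all names are made up): root -> intermediate -> leaf.
set -eu

mkcert() {  # mkcert NAME CN IS_CA [ISSUER]; self-signed when ISSUER is omitted
  local n="$1" cn="$2" ca="$3" issuer="${4:-}"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$n.key" -out "$n.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:%s\n' "$ca" > "$n.ext"
  if [ -n "$issuer" ]; then
    openssl x509 -req -in "$n.csr" -days 2 -extfile "$n.ext" -out "$n.crt" \
      -CA "$issuer.crt" -CAkey "$issuer.key" -CAcreateserial 2>/dev/null
  else
    openssl x509 -req -in "$n.csr" -days 2 -extfile "$n.ext" -out "$n.crt" \
      -signkey "$n.key" 2>/dev/null
  fi
}

build_pki() {  # build_pki DIR
  ( cd "$1"
    mkcert root "Example Root CA" TRUE
    mkcert int  "Example Intermediate CA" TRUE root
    mkcert leaf "www.example.test" FALSE int
    # What the server has to present: leaf first, then the intermediate(s).
    cat leaf.crt int.crt > fullchain.pem )
}

# Models a client that trusts only the root. Certificates "sent by the server"
# are passed as -untrusted, which is how openssl verify treats peer-supplied certs.
client_accepts() {  # client_accepts DIR [SENT_INTERMEDIATES]
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/$2" "$1/leaf.crt" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.crt" "$1/leaf.crt" >/dev/null 2>&1
  fi
}

demo() {
  local d; d=$(mktemp -d); build_pki "$d"
  client_accepts "$d" && echo "leaf only: accepted" || echo "leaf only: rejected"
  client_accepts "$d" int.crt && echo "leaf + intermediate: accepted" \
    || echo "leaf + intermediate: rejected"
  echo "certificates in fullchain.pem: $(grep -c 'BEGIN CERTIFICATE' "$d/fullchain.pem")"
  rm -rf "$d"
}
demo
```

On Apache 2.4.8 and later, a file laid out like `fullchain.pem` (leaf first, then intermediates) is what `SSLCertificateFile` accepts in place of a separate `SSLCertificateChainFile`.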