
SSLCertificateChainFile is obsolete

I'm on Apache 2.4.12, so SSLCertificateChainFile is now obsolete, and any intermediate certificates are supposed to be included in the server certificate file. I cannot figure out how to do this, however--any combination of certificates other than only the site certificate inside the specified file causes an invalid key error. How do I properly include the intermediate certificate inside the file that I specify using SSLCertificateFile?

vaindil asked Jul 12 '15 17:07



1 Answer

Taken from the Apache 2.4 Module mod_ssl documentation:

SSLCertificateFile Directive

The files may also include intermediate CA certificates, sorted from leaf to root. This is supported with version 2.4.8 and later, and obsoletes SSLCertificateChainFile.

What this means is that the SSLCertificateFile directive now (after 2.4.8) accepts files with a full certificate chain (from leaf to root). If you have your server certificate in domain.crt and the CA chain file in domain-ca.crt, you'd need to concatenate both files from leaf to root, i.e. starting with your server certificate, as in

cat domain.crt domain-ca.crt > bundle.crt

and use that file inside your site's conf file:

SSLCertificateFile      /path/to/bundle.crt

(For example, using Ubuntu default path, these files will be stored at /etc/apache2/ssl/.)

Jonathan Y. answered Sep 21 '22 23:09
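
A pre-deployment check for the bundle described in the answer above, as an added example that is not part of the original answer or the Apache documentation: it confirms that the first certificate in the file matches the private key and that the certificates run leaf to root. It assumes the openssl command-line tool and an unencrypted PEM key; the function names (name_of, check_bundle, make_demo_pki) and the exit codes are this example's own.

```shell
#!/bin/sh
# Exit codes (this script's own convention): 0 ok, 1 first certificate does not
# match the key, 2 not in leaf-to-root order, 3 nothing to check.

name_of() {  # name_of subject|issuer FILE: print that name in RFC 2253 form
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

check_bundle() {  # check_bundle BUNDLE KEY (unencrypted PEM key assumed)
    tmp=$(mktemp -d) || return 3
    # Split the bundle into one file per certificate, keeping file order.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", d, n) }
                     n { print > f }' "$1"
    [ -f "$tmp/001.pem" ] || { rm -rf "$tmp"; return 3; }
    status=0
    # The file must start with the server certificate, so the first
    # certificate's public key has to equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$tmp/001.pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ "$cert_pub" = "$key_pub" ] || status=1
    # Each certificate must name the following one as its issuer. This is a
    # name comparison only; signatures are not verified here.
    prev=
    for f in "$tmp"/*.pem; do
        if [ -n "$prev" ] && [ "$status" -eq 0 ] &&
           [ "$(name_of issuer "$prev")" != "$(name_of subject "$f")" ]; then
            status=2
        fi
        prev=$f
    done
    rm -rf "$tmp"
    return "$status"
}

# Constructed sample input: a throwaway CA and leaf written into directory $1.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
        -keyout "$1/ca.key" -out "$1/domain-ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.invalid" \
        -keyout "$1/domain.key" -out "$1/domain.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/domain.csr" -days 1 -CA "$1/domain-ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/domain.crt" 2>/dev/null
}

# Run as: sh check_bundle.sh bundle.crt domain.key
[ "$#" -ne 2 ] || check_bundle "$1" "$2"
```

A bundle concatenated in the reverse order (CA certificate first) fails the first check with exit code 1, which corresponds to the key mismatch the question describes.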