Einen Überblick über das Administrationstool KeyHelp der Keyweb AG und dessen Download gibt es auf https://www.keyhelp.de

Dieses Forum soll es interessierten Benutzern ermöglichen, sich über KeyHelp auszutauschen und Hilfe bei Problemen zu finden.

SSLCertificateChainFile obsolete for httpd >= 2.4.8

You found a bug? Please tell us about.
Antworten
superrandom
Beiträge: 5
Registriert: Di 16. Jun 2020, 20:33

SSLCertificateChainFile obsolete for httpd >= 2.4.8

Beitrag von superrandom » Do 18. Jun 2020, 04:36

Hi there,

Just wanted to give you a heads up on SSLCertificateChainFile - it has been obsoleted. I've implemented a wildcard cert on my server and had to change the default SSL config from:

Code: Alles auswählen

    SSLCertificateFile /etc/ssl/keyhelp/keyhelp.pem
    SSLCertificateChainFile /etc/ssl/keyhelp/keyhelp-ca.crt
to

Code: Alles auswählen

    SSLCertificateFile /etc/ssl/keyhelp/keyhelp.pem
The file above has the wildcard's fullchain and privkey concatenated:

Code: Alles auswählen

cat /home/acmehelper/certs/domain.us/{fullchain,privkey}.pem > /etc/ssl/keyhelp/default.pem
Might be an extra line in your installer but I think it's worth it, makes it manageable with less config changes and messing with immutable flags and so on. Heck you might even template the pem location and make it configurable (including for adding certificates vs only uploading one when it's perfectly fine sitting on the server itself, auto-updating with a cron).

Ok maybe this is more than 1 request per post, sorry :)

Specs: debian 10, keyhelp 20.1, httpd 2.4.38
Antworten

Wer ist online?

Mitglieder in diesem Forum: 0 Mitglieder und 1 Gast