SSLCertificateChainFile obsolete for httpd >= 2.4.8

Locked
superrandom
Posts: 9
Joined: Tue 16. Jun 2020, 20:33

SSLCertificateChainFile obsolete for httpd >= 2.4.8

Post by superrandom »

Hi there,

Just wanted to give you a heads up on SSLCertificateChainFile - it has been obsoleted. I've implemented a wildcard cert on my server and had to change the default SSL config from:

Code: Select all

    SSLCertificateFile /etc/ssl/keyhelp/keyhelp.pem
    SSLCertificateChainFile /etc/ssl/keyhelp/keyhelp-ca.crt
to

Code: Select all

    SSLCertificateFile /etc/ssl/keyhelp/keyhelp.pem
The file above has the wildcard's fullchain and privkey concatenated:

Code: Select all

cat /home/acmehelper/certs/domain.us/{fullchain,privkey}.pem > /etc/ssl/keyhelp/default.pem
Might be an extra line in your installer but I think it's worth it, makes it manageable with less config changes and messing with immutable flags and so on. Heck you might even template the pem location and make it configurable (including for adding certificates vs only uploading one when it's perfectly fine sitting on the server itself, auto-updating with a cron).

Ok maybe this is more than 1 request per post, sorry :)

Specs: debian 10, keyhelp 20.1, httpd 2.4.38
Locked