[TriLUG] StartSSL (was Re: CAcert meeting -- how to prepare)
Matt Pusateri
mpusateri at wickedtrails.com
Mon Feb 9 20:36:43 EST 2009
On Feb 9, 2009, at 7:42 PM, Alan Porter wrote:
>
>
> This weekend, I played with StartSSL, and like Matt mentioned, I
> had to install an intermediate certificate on my web server. So my
> apache config looks like this:
>
> SSLEngine on
> SSLProtocol all -SSLv2
> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
> SSLCertificateFile /etc/apache2/certs/calvin.alanporter.com-
> startssl.crt
> SSLCertificateKeyFile /etc/apache2/certs/calvin.alanporter.com.key
> SSLCertificateChainFile /etc/apache2/certs/
> startssl.sub.class1.server.ca.crt
> SSLCACertificateFile /etc/apache2/certs/startssl.ca.crt
>
> The ChainFile is an intermediate certificate. If you ask your browser
> to show you the chain of certs, it goes:
>
> + StartSSL root cert
> + StartSSL's sub.class1.server.ca.crt
> + my "calvin" cert, signed by StartSSL
>
> Alan
>
So this just boils down to an extra config line in the apache setup?
Client side it's not noticeable correct?
Matt P.
More information about the TriLUG
mailing list