Apache 2.2, SSLCACertificateFile

Discussion in 'Server Operation' started by Justin Albstmeijer, Mar 11, 2019.

  1. Hi,
    I updated an old closed bug report a month ago, but as I did not get any feedback I'm trying it now through the forum.
    https://git.ispconfig.org/ispconfig/ispconfig3/issues/3369
    Am I missing something? The template does not seem to set SSLCACertificateFile in any case.
    Should I not be using the "SSL Bundle" GUI field for Apache 2.2?
    Gr, J
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The GUI field is used for all Apache versions, so you shall keep using it and you have to enter your SSL Bundle there. The only thing that has changed in recent Apache versions is that Apache requires that the bundle SSL certificates are saved inside the crt file and not in a separate file, and that's what ISPConfig is doing.
     
  3. Ok, but in my case with Apache 2.2 the Bundle is loaded by the SSLCertificateChainFile directive, which causes SSL chain order errors.
    Switching to SSLCACertificateFile by editing it manually solves it.
    This seems in line with your comment https://git.ispconfig.org/ispconfig/ispconfig3/issues/3369#note_53118
    But the template still uses SSLCertificateChainFile for Apache versions below 2.4.8.
    Where in the template https://git.ispconfig.org/ispconfig/ispconfig3/blob/master/server/conf/vhost.conf.master is SSLCACertificateFile used for versions beyond 2.4.8? I don't see that either.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The bug report you commented on is about the opposite of what you request. The report requested to actually use SSLCertificateChainFile instead of SSLCACertificateFile while you request now to use SSLCACertificateFile instead of SSLCertificateChainFile.

    You can use whatever directive you need for your server by creating a custom vhost template: copy the file /usr/local/ispconfig/server/conf/vhost.conf.master to /usr/local/ispconfig/server/conf-custom/, then edit the copied file in the conf-custom folder and replace the word SSLCertificateChainFile with the word SSLCACertificateFile.
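
The custom-template step described in the post above, as an added shell example that is not part of the thread or of ISPConfig's own code. The function name `make_custom_vhost` and its return codes are assumptions; the paths in the usage comment are the ones named in the post.

```shell
#!/bin/sh
# Added example (not ISPConfig code): build a conf-custom copy of the vhost
# master template with the chain directive swapped, leaving the master as is.
OLD=SSLCertificateChainFile
NEW=SSLCACertificateFile

# make_custom_vhost SRC_TEMPLATE CUSTOM_DIR   (hypothetical helper name)
# Prints the number of lines changed. Returns 1 if the source is missing or
# a write fails, 2 if a custom template already exists (local edits are never
# overwritten), 3 if the directive does not occur in the master at all.
make_custom_vhost() {
    src=$1
    dir=$2
    dst="$dir/$(basename "$src")"
    if [ ! -f "$src" ]; then
        echo "missing template: $src" >&2
        return 1
    fi
    if [ -e "$dst" ]; then
        echo "refusing to overwrite existing $dst" >&2
        return 2
    fi
    # grep -c exits non-zero on a count of 0, so neutralise it for set -e.
    n=$(grep -c "$OLD" "$src" || true)
    if [ "$n" -eq 0 ]; then
        echo "$OLD not found in $src" >&2
        return 3
    fi
    mkdir -p "$dir" || return 1
    tmp=$(mktemp "$dir/.vhost.XXXXXX") || return 1
    # cp -p carries over the master's mode; sed then rewrites the content.
    if cp -p "$src" "$tmp" && sed "s/$OLD/$NEW/g" "$src" > "$tmp"; then
        mv "$tmp" "$dst" || return 1
    else
        rm -f "$tmp"
        return 1
    fi
    echo "$n"
}

# Usage with the paths from the post (run as root on the ISPConfig server):
#   make_custom_vhost /usr/local/ispconfig/server/conf/vhost.conf.master \
#                     /usr/local/ispconfig/server/conf-custom
```

The copy in conf-custom has to be re-checked against the master after each ISPConfig update, since it no longer follows changes to the shipped template.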
     
  5. Ok, I must have misinterpreted your comment in the bug report then. I thought you declined the request.
    I'll use a custom template in that case.
     
