“That’s usually not one expect”
I figured out how to get the damned Comodo Certificate that somebody else installed into the damn Plesk server to work. Among my obstacles were unhelpful technical support from Comodo, and bizarre rambling posts in the Plesk message board, and at long last, completely inscrutable documentation from Apache:
Because although placing a CA certificate of the server certificate chain into SSLCACertificatePath has the same effect for the certificate chain construction, it has the side-effect that client certificates issued by this same CA certificate are also accepted on client authentication. That’s usually not one expect.
Basically, the trick is that Plesk puts a rootchain.pem in the /usr/local/psa/admin/conf, so what one must do, is try not to read the Apache documentation too much, and add the following line to the /usr/local/psa/admin/conf/httpsd.conf:
SSLCertificateChainFile /usr/local/psa/admin/conf/rootchain.pem
It’s only taken a few weeks of casual research to figure this out.
Response
Andrew Punch
Thanks for the info. I had similar problems with Commode and client certificates.
Comment / Tip
. . . or leave a Tip
Danny Howard is 100% responsible for the content on this site, except some of it is stolen.
All rights are reserved, unless otherwise noted. Generally, I'm a BSD guy, so you can assume implicit permission to adapt, modify, and redistribute my intellectual property with appropriate attribution. Except some of this content is itself re-appropriated, so you'd best ask first, especially for commercial use. Thanks!
You can contact me via e-mail: dannyman@toldme.com
Most of http://dannyman.toldme.com/ is powered by WordPress.
If you're hip to RSS and whatnot, you can subscribe to this site.
These links are for dannyman: login AND backlinks