dannyman.toldme.com


“That’s usually not one expect”

I figured out how to get the damned Comodo Certificate that somebody else installed into the damn Plesk server to work. Among my obstacles were unhelpful technical support from Comodo, and bizarre rambling posts in the Plesk message board, and at long last, completely inscrutable documentation from Apache:

Because although placing a CA certificate of the server certificate chain into SSLCACertificatePath has the same effect for the certificate chain construction, it has the side-effect that client certificates issued by this same CA certificate are also accepted on client authentication. That’s usually not one expect.

Basically, the trick is that Plesk puts a rootchain.pem in /usr/local/psa/admin/conf, so what one must do is try not to read the Apache documentation too much, and add the following line to /usr/local/psa/admin/conf/httpsd.conf:

SSLCertificateChainFile /usr/local/psa/admin/conf/rootchain.pem

It’s only taken a few weeks of casual research to figure this out.

/danny
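
An added example, not part of the original post: it shows why the SSLCertificateChainFile line matters by checking a server certificate against a root with and without the intermediate chain supplied. It assumes the openssl command-line tool is installed; the root, intermediate and leaf certificates, their file names and the host name plesk.example.test are all constructed for the demo, with chain.pem standing in for rootchain.pem.

```shell
#!/bin/sh
# Constructed demo PKI: root -> intermediate -> leaf. All names are made up.
make_constructed_pki() {
    d=$1
    # Minimal config so the demo does not depend on a system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/cnf"
    # Self-signed root: the only certificate the client trusts.
    openssl req -x509 -config "$d/cnf" -extensions ca -newkey rsa:2048 -nodes \
        -keyout "$d/root.key" -out "$d/root.pem" -subj "/CN=Constructed Root CA" -days 2 2>/dev/null
    # Intermediate CA signed by the root: plays the role of rootchain.pem.
    openssl req -new -config "$d/cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/int.key" -out "$d/int.csr" -subj "/CN=Constructed Intermediate CA" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -extfile "$d/cnf" -extensions ca -out "$d/chain.pem" -days 2 2>/dev/null
    # Server (leaf) certificate signed by the intermediate.
    openssl req -new -config "$d/cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" -subj "/CN=plesk.example.test" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/chain.pem" -CAkey "$d/int.key" -CAcreateserial \
        -out "$d/leaf.pem" -days 2 2>/dev/null
}

# chain_ok ROOT LEAF [CHAINFILE]: succeed if LEAF validates up to ROOT.
# CHAINFILE is passed as untrusted helper certificates, which is the role
# of the certificates a server sends along with its own.
chain_ok() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

PKI=$(mktemp -d)
make_constructed_pki "$PKI"
# A client that trusts only the root cannot link the leaf to it by itself.
if chain_ok "$PKI/root.pem" "$PKI/leaf.pem"; then
    echo "no chain file: OK"; else echo "no chain file: FAIL"; fi
# With the intermediate supplied, the path leaf -> intermediate -> root builds.
if chain_ok "$PKI/root.pem" "$PKI/leaf.pem" "$PKI/chain.pem"; then
    echo "with chain file: OK"; else echo "with chain file: FAIL"; fi
```

The same chain_ok check can be pointed at a real root, server certificate and rootchain.pem to confirm the chain file actually links the two before restarting the server.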

Categories: Technical

Response

February 7th, 2005

Andrew Punch

Thanks for the info. I had similar problems with Commode and client certificates.
