“That’s usually not one expect”
I figured out how to get the damned Comodo Certificate that somebody else installed into the damn Plesk server to work. Among my obstacles were unhelpful technical support from Comodo, and bizarre rambling posts in the Plesk message board, and at long last, completely inscrutable documentation from Apache:
Because although placing a CA certificate of the server certificate chain into SSLCACertificatePath has the same effect for the certificate chain construction, it has the side-effect that client certificates issued by this same CA certificate are also accepted on client authentication. That’s usually not one expect.
Basically, the trick is that Plesk puts a rootchain.pem in the /usr/local/psa/admin/conf, so what one must do, is try not to read the Apache documentation too much, and add the following line to the /usr/local/psa/admin/conf/httpsd.conf:
SSLCertificateChainFile /usr/local/psa/admin/conf/rootchain.pem
It’s only taken a few weeks of casual research to figure this out.
