top | item 8730860

(no title)

jackalope | 11 years ago

Doesn't it seem that configuration is needlessly complex for certificates? I think it would be easier to list the entire chain in one directive:

    TLSCertificates /path/to/host.crt /path/to/intermediate.crt /path/to/root.crt

That would support any number of intermediates and remove the need to concatenate certificates into a single file. Terminating with the root certificate would be optional, but if present the server could perform a check to verify the chain to the very end when starting.

discuss

No comments yet.