[TriLUG] StartSSL (was Re: CAcert meeting -- how to prepare)
Alan Porter
porter at trilug.org
Mon Feb 9 19:42:01 EST 2009
This weekend, I played with StartSSL, and like Matt mentioned, I
had to install an intermediate certificate on my web server. So my
apache config looks like this:
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /etc/apache2/certs/calvin.alanporter.com-startssl.crt
SSLCertificateKeyFile /etc/apache2/certs/calvin.alanporter.com.key
SSLCertificateChainFile /etc/apache2/certs/startssl.sub.class1.server.ca.crt
SSLCACertificateFile /etc/apache2/certs/startssl.ca.crt
The ChainFile is an intermediate certificate. If you ask your browser
to show you the chain of certs, it goes:
+ StartSSL root cert
+ StartSSL's sub.class1.server.ca.crt
+ my "calvin" cert, signed by StartSSL
Alan
.
More information about the TriLUG
mailing list