ca.crt and ca-bundle.crt contain the CA certs i.e. certs that were used to sign and verify the other certs. The certs of Verising, Twahte etc. You need them in case the client of you server authenticates himself with some cert, so you can verify his cert with those among CA certs.
You must have ca-bundle somewhere in /usr/share/ but you need it only if you want clients to authenticate themselves explicitly with the certificates. I personally run my own CA, so I do not need any of those files, but I have setup the directory with hashed references to my CA cert files and CRLs, that are distributed among all my servers. ****************************************************************************** Hello, I am new to the Apache & SSL. I am setting a Fedora Core 2 box, with Apache 2.0 and openssl. Under the HTTP configuration tools, when I enable the SSL, it asked me to enter the path for 4 files: server.key, server.crt, ca.crt, ca-bundle.crt. I searched with Google and found the instructions to creat the first two, <servername>.key, and <servername>.crt. However, I can't find the instructions to create the ca.crt (Certificate Chain File) and ca-bundle.crt (Certificate Authority File). The configuration utility won't let me leave it blank. Can someone tell me where or how to get those files? Also, how can I setup the HTTP so when the browser point to that folder, only https is allowed? Thanks! Sunny ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
