Why have it be blank, cant you just make the chain be it's self if there is no issuer?
SSLCertificateChainFile /etc/ssl/private/vhost.chain On Sat, Jan 25, 2014 at 1:51 PM, Hanno Böck <ha...@hboeck.de> wrote: > Hi, > > I have some kind of tricky SSL configuration issue. I have a server > that has a certificate with an intermediate certificate as the default. > However, I have one virtual host which only has a certificate with no > intermediate. > > So something like this: > SSLCertificateFile /etc/ssl/private/apache.crt > SSLCertificateKeyFile /etc/ssl/private/apache.key > SSLCertificateChainFile /etc/ssl/private/apache.chain > <VirtualHost *:443> > [...] > SSLCertificateFile /etc/apache2/certs/private/somecert.crt > SSLCertificateKeyFile /etc/apache2/certs/private/somecert.key > </VirtualHost> > > What happens now is that the vhost with the single certificate ships > the default intermediate. > > If I set SSLCertificateChainFile to an empty file in the config, apache > tells me: > AH00526: Syntax error on line [...] of [...]: > SSLCertificateChainFile: file '/etc/apache2/chains/empty.pem' does not > exist or is empty > > Well, yeah. It is empty. Because I want it empty. However, it seems > apache thinks that's a syntax error. > > Is there any way to configure this? If not I think this is a bug. It is > completely valid to have a vhost with no certificate chain. > > > cu, > -- > Hanno Böck > http://hboeck.de/ > > mail/jabber: ha...@hboeck.de > GPG: BBB51E42 >
