6 Aug
2019
6 Aug
'19
11:37 p.m.
On Tue, 6 Aug 2019, telsch wrote:
if i cat ssl_ca and ssl_cert into one file and only use ssl_cert it's working with 2.3.X ssl_ca =
In the words of Montoya, "I do not think it means what you think it means", referring to "ssl_ca". That file is not used to to establish the trust chain to your server certificate, but rather, to your client's certificates (e.g. if you run a local CA to issue user certificate for mutual authentication, you would put your local CA certificate here).
(Maybe this config variable should be renamed "ssl_client_ca".)
Appending intermediate and server certificates is what you're supposed to do.
Joseph Tam jtam.home@gmail.com