What is SSLCACertificateFile
SSLCACertificateFile, according to Apache httpd docs, is a directive that sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with.
These are used for Client Authentication. Such a file is simply the concatenation of the various PEM-encoded Certificate files, in order of preference. This can be used alternatively and/or additionally to
In layman’s terms, SSLCACertificateFile can be used to provide your "private", self-signed CA, which can issue client certificates that will later be distributed to selected users.
Serve self-signed certificates with SSLCACertificateFile
First, you need to generate keys and a certificate using OpenSSL:
openssl req -config /usr/share/apache2/ssleay.cnf -new -key client.key -out client.csr
openssl x509 -req -days 365 -CA /etc/apache2/ssl/apachelca2.pem -CAkey /etc/apache2/ssl/apachelca2.pem -CAcreateserial -in client.csr -extfile /usr/share/apache2/ssleay.cnf -extensions v3_req -out client.crt
Once apachelca2.pem has been generated, include the following directives in your httpd.conf. Remember to remove what you don’t use!
# site certificate signed by Verisign
SSLCertificateFile /etc/apache2/ssl/apache.cer
# site key for certificate signed by Verisign
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
# your self signed CA
SSLCACertificateFile /etc/apache2/ssl/apachelca2.pem
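The issuing flow above as a self-contained check, added here as an example and not part of the original article: it creates two throwaway CAs, issues one client certificate from each, and uses openssl verify as a stand-in for the chain check a server trusting only the first CA would perform. All file names and subjects are constructed, and the bundle built for SSLCACertificateFile holds the CA certificate only, with the CA key kept in a separate file.

```shell
#!/bin/sh
# Added example. Every name, path and subject here is constructed.
set -e
cd "$(mktemp -d)"

# Create a self-signed CA. $1 = file basename, $2 = CA common name.
make_ca() {
    cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_req]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$1.cnf" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Issue a client certificate. $1 = CA basename, $2 = client basename.
issue_client() {
    openssl genrsa -out "$2.key" 2048 2>/dev/null
    openssl req -config "$1.cnf" -new -key "$2.key" -subj "/CN=$2" -out "$2.csr"
    openssl x509 -req -days 365 -CA "$1.crt" -CAkey "$1.key" -CAcreateserial \
        -in "$2.csr" -extfile "$1.cnf" -extensions v3_req -out "$2.crt" 2>/dev/null
}

# Succeeds only if client cert $2 chains to a CA in bundle $1.
accepted_by() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

make_ca ca "Constructed Client CA"        # the CA Apache will trust
make_ca other "Constructed Unrelated CA"  # a CA Apache does not trust
issue_client ca alice
issue_client other outsider

# The bundle for SSLCACertificateFile holds the CA certificate only;
# ca.key stays out of it and out of the web server's reach.
cp ca.crt client-ca-bundle.pem
for c in alice outsider; do
    if accepted_by client-ca-bundle.pem "$c.crt"; then echo "$c: accepted"
    else echo "$c: rejected"; fi
done
```

Apache only requests and enforces client certificates when SSLVerifyClient is set (for example SSLVerifyClient require); SSLCACertificateFile on its own just names the CAs to trust.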
Install an Intermediate CA cert in Apache
In order to install an Intermediate CA cert in Apache, you have to specify a .crt file in
Detailed steps can be found at RedHat Knowledge Base.