You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by domi <Ke...@web.de> on 2007/03/14 14:36:03 UTC
[users@httpd] *.pem certificates and the directive: AddType
application/x-x509-ca-cert .crt
Hello,
I’m running a small Apache Webser with SSL (I’ve built my own CA and I use
self created certificates) for testing-purposes and everything works as
expected. (Apache 2.2.3 and OpenSSL 0.9.8d on SUSE 10.2) But today I
stumbled across the following observation. Please take a look at my
following ssl-global.conf.
As you can see I use the directive AddType application/x-x509-ca-cert .crt
but at the end my certificates have got .pem form.
This might be a dump question but I’m rather new in the Apache-world and so
I wonder why I don’t need an AddType application/x-x509-ca-cert .pem
directive.
Or does .crt include .pem? I’ve found a lot of howtos to build
.pem-certificates but I wasn’t able to find a document where AddType
application/x-x509-ca-cert .pem is used.
my ssl-global.conf:
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
SSLSessionCacheTimeout 600
SSLMutex default
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<VirtualHost _default_:443>
ServerName 192.168.0.5:443
ErrorLog /opt/myownca/ssl_error_log
TransferLog /opt/myownca/ssl_access_log
SSLEngine on
SSLCiphersuite HIGH:MEDIUM
SSLProtocol all
SSLCertificateFile /opt/myownca/certificates/01.pem
SSLCertificateKeyFile /home/somewhere/certificatekey.pem
# SSLCertificateChainFile /opt/myown/cacert.pem
</VirtualHost>
</IfModule>
</IfDefine>
</IfDefine>
I hope that you’ll be able to help me.
Best regards domi
--
View this message in context: http://www.nabble.com/*.pem-certificates-and-the-directive%3A-AddType-application-x-x509-ca-cert-.crt-tf3402178.html#a9474487
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] *.pem certificates and the directive: AddType application/x-x509-ca-cert .crt
Posted by Vincent Bray <no...@gmail.com>.
On 14/03/07, domi <Ke...@web.de> wrote:
>
> Hello,
>
> I'm running a small Apache Webser with SSL (I've built my own CA and I use
> self created certificates) for testing-purposes and everything works as
> expected. (Apache 2.2.3 and OpenSSL 0.9.8d on SUSE 10.2) But today I
> stumbled across the following observation. Please take a look at my
> following ssl-global.conf.
>
> As you can see I use the directive AddType application/x-x509-ca-cert .crt
> but at the end my certificates have got .pem form.
> This might be a dump question but I'm rather new in the Apache-world and so
> I wonder why I don't need an AddType application/x-x509-ca-cert .pem
> directive.
You would only need to use AddType for pem files if you wished to
serve them via http. AddType tells apache what mime type to use when
serving files based on the 'extension'. As for mod_ssl understanding
what format your cert file/bundles are in.. I don't know but I expect
that can be determined by looking at the file contents.
--
noodl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org