Merging tlscertfile and tlscafile to only one TLS certificate
Julien ÉLIE
julien at trigofacile.com
Wed Sep 8 20:47:25 UTC 2021
Hi all,
A ticket has recently been opened regarding the use of tlscertfile and
tlscafile. (Looks like it is easier to contact us via GitHub than Trac!)
https://github.com/InterNetNews/inn/issues/164
Currently, we have 2 files to deal with TLS certificates:
- tlscertfile, from which INN loads only one certificate (the first);
- tlscafile, from which INN loads all intermediary certificates.
Another possibility would be to only have 1 parameter, pointing to a
file containing the whole chain.
I see in the inn.conf documentation:
"Note that unlike Apache's SSLCertificateFile directive, tlscertfile
should not contain a concatenation of certificates. Instead, if you
have a certificate authority root certificate, set tlscafile to its path."
Wouldn't it be better to do the same thing as Apache? Is there a reason
for separating the certificates? (In case there is one global CA file
for the news server shared with several applications, it might make
sense to have it elsewhere so maybe that is the reason, though it seems
confusing to people.)
--
Julien ÉLIE
« Quae longo tempore extenuentur corpora, lente reficere oportet. »
(Hippocrate)
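
For a chain delivered as one concatenated PEM file, the two-file layout described in the message above (first certificate for tlscertfile, the remaining ones for tlscafile) can be produced with a short script. This is an added example, not part of the original message or of INN; the name split_chain, the assumption that the server certificate comes first in the bundle, and the sample PEM bodies are constructed for illustration.

```python
from __future__ import annotations
import re

# Matches one PEM-armoured block of any type (CERTIFICATE, PRIVATE KEY, ...).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)

# Constructed sample bundle: the bodies are placeholders, not real key material.
SAMPLE = """\
-----BEGIN PRIVATE KEY-----
CONSTRUCTEDKEY000000
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAF00000
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CONSTRUCTEDINTER0001
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CONSTRUCTEDINTER0002
-----END CERTIFICATE-----
"""


def split_chain(bundle: str) -> tuple[str, str]:
    """Return (tlscertfile_text, tlscafile_text) for a concatenated PEM bundle.

    Assumption: the server certificate is the first CERTIFICATE block and the
    intermediates follow it. Non-certificate blocks (such as a private key)
    are skipped so they never end up in either output.
    """
    certs = [m.group(0) for m in PEM_BLOCK.finditer(bundle)
             if m.group(1) == "CERTIFICATE"]
    if not certs:
        raise ValueError("no CERTIFICATE block found in bundle")
    leaf = certs[0] + "\n"
    # Empty string when the bundle holds a single certificate: in that case
    # there is nothing to put in a tlscafile.
    rest = "".join(c + "\n" for c in certs[1:])
    return leaf, rest


if __name__ == "__main__":
    leaf, rest = split_chain(SAMPLE)
    print("tlscertfile: %d certificate" % leaf.count("BEGIN CERTIFICATE"))
    print("tlscafile:   %d certificate(s)" % rest.count("BEGIN CERTIFICATE"))
```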