Merging tlscertfile and tlscafile to only one TLS certificate
julien at trigofacile.com
Wed Sep 8 20:47:25 UTC 2021
A ticket has recently been opened regarding the use of tlscertfile and
tlscafile. (Looks like it is easier to contact us via GitHub than Trac!)

Currently, we have 2 files to deal with TLS certificates:
- tlscertfile, from which INN loads only one certificate (the first);
- tlscafile, from which INN loads all intermediary certificates.

Another possibility would be to only have 1 parameter, pointing to a
file containing the whole chain.

I see in the inn.conf documentation:

"Note that unlike Apache's SSLCertificateFile directive, tlscertfile
should not contain a concatenation of certificates. Instead, if you
have a certificate authority root certificate, set tlscafile to its path."

Wouldn't it be better to do the same thing as Apache? Is there a reason
for separating the certificates? (In case there is one global CA file
for the news server shared with several applications, it might make
sense to have it elsewhere so maybe that is the reason, though it seems
confusing to people.)
« Quae longo tempore extenuentur corpora, lente reficere oportet. »
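
With the two-file layout described in the message above, a concatenated chain of the kind Apache's SSLCertificateFile accepts has to be split before INN can use it. The following is an added example, not code from the original post or from the INN project; it assumes the server certificate comes first in the input, and the function name and sample data are constructed for illustration.

```python
import base64
import re

# Matches one PEM certificate block. Text between blocks (comments,
# "subject=" lines, other PEM object types) is ignored.
CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def split_chain(pem_text):
    """Return (leaf_pem, intermediates_pem) from a concatenated chain.

    The first certificate is treated as the server certificate, matching
    the behaviour described for tlscertfile (only the first is loaded).
    All later certificates are returned together, for use as tlscafile.
    """
    blocks = []
    for match in CERT_RE.finditer(pem_text.replace("\r\n", "\n")):
        body = "".join(match.group(1).split())
        # Reject a corrupted block instead of writing it out silently.
        base64.b64decode(body, validate=True)
        lines = [body[i:i + 64] for i in range(0, len(body), 64)]
        blocks.append("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
                      + "\n-----END CERTIFICATE-----\n")
    if not blocks:
        raise ValueError("no certificate found in input")
    return blocks[0], "".join(blocks[1:])

# Constructed sample: placeholder base64 bodies, not real certificates.
SAMPLE_CHAIN = (
    "subject=CN=news.example.org (constructed)\r\n"
    "-----BEGIN CERTIFICATE-----\r\nTEVBRg==\r\n-----END CERTIFICATE-----\r\n"
    "-----BEGIN CERTIFICATE-----\nSU5UMQ==\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nSU5UMg==\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    leaf, intermediates = split_chain(SAMPLE_CHAIN)
    print("# contents for tlscertfile:\n" + leaf)
    print("# contents for tlscafile:\n" + intermediates)
```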