Intermediate cert in relayd?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Intermediate cert in relayd?

bernd-34
Hi list,

I'm planning to configure SSL offloading using relayd(8).

The manpage for relayd.conf(5) states the following:

``If the ssl keyword is present, the relay will accept connections
using the encrypted SSL protocol.  The relay will attempt to look
up a private key in /etc/ssl/private/address:port.key and a
public certificate in /etc/ssl/address:port.crt, where address is
the specified IP address and port is the specified port that therelay
listens on.  If these files are not present, the relay will
continue to look in /etc/ssl/private/address.key and
/etc/ssl/address.crt.  See ssl(8) for details about SSL server
certificates.''

However, I also got an intermediate certificate provided by my CA. Using
it in Apache, e.g., is no problem, however I wonder how to get this
configured in(to) relayd... any clues?

Thanks & best,

Bernd

Reply | Threaded
Open this post in threaded view
|

Re: Intermediate cert in relayd?

Giancarlo Razzolini-3
Em 02-12-2013 06:05, Bernd escreveu:

> Hi list,
>
> I'm planning to configure SSL offloading using relayd(8).
>
> The manpage for relayd.conf(5) states the following:
>
> ``If the ssl keyword is present, the relay will accept connections
> using the encrypted SSL protocol.  The relay will attempt to look
> up a private key in /etc/ssl/private/address:port.key and a
> public certificate in /etc/ssl/address:port.crt, where address is
> the specified IP address and port is the specified port that therelay
> listens on.  If these files are not present, the relay will
> continue to look in /etc/ssl/private/address.key and
> /etc/ssl/address.crt.  See ssl(8) for details about SSL server
> certificates.''
>
> However, I also got an intermediate certificate provided by my CA.
> Using it in Apache, e.g., is no problem, however I wonder how to get
> this configured in(to) relayd... any clues?
>
> Thanks & best,
>
> Bernd
>
Bernd,

    You can try concatenating all your certs in one single file, the CA
cert, intermediate cert and your cert. The order matters your CA cert
must be on the bottom of the file, the intermediate in the middle and
your cert in the top. This might work. Your private key must still be
kept in a separate file.

Cheers,

--
Giancarlo Razzolini
GPG: 4096R/77B981BC