SSLCACertificatePath directive
on 08.08.2007 14:26:05 by Arsen Hayrapetyan
Hello,
I have a bunch of certificates of CAs which I want to put in the directory
pointed to by the SSLCACertificatePath directive. All of them have filenames
in the form hash-value.0. The mod_ssl official documentation says:
"The files in this directory have to be ... accessible through hash
names. So usually you can't just place the certificate files there: you
also have to create symbolic links named hash-value.N".
1) What should be N in the CA certificate file name? Should
certificate file names have sequential N's, reflecting the preferred
order of checking against them during client authentication?
2) Are symbolic links mandatory? Can I put the hash-value.N files there
without creating the links?
Thanks in advance,
Arsen.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
RE: SSLCACertificatePath directive (UNCLASSIFIED)
on 08.08.2007 19:53:59 by Dwight.Victor.ctr
Classification: UNCLASSIFIED
Caveats: NONE
Hello Arsen,
If you're using mod_ssl/OpenSSL on Linux, I know you can use the c_rehash
command to automatically create the required symbolic links. On my install,
c_rehash is in the /usr/local/bin directory.
Hope that helps,
Dwight...
---
Dwight Victor, CISSP (Contractor)
DISA-PAC EMSS Gateway Hawaii
EMAIL: dwight.victor.ctr@disa.mil
TEL: (808) 653-3677 ext 229
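The hash-named links discussed in this thread, as an added example that is not part of the original posts: `link_certs` creates `hash.N` symlinks for every certificate in a directory (the task c_rehash automates), and `audit_dir` checks existing `hash.N` entries, which OpenSSL opens by name starting at N = 0 whether they are symlinks or regular files. The function names and the `*.pem` naming are assumptions; it expects PEM certificates and `openssl` on the PATH.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes openssl on PATH, PEM input.

# Subject-name hash OpenSSL uses to find a CA file in a hashed directory.
# OpenSSL 1.0.0 changed this algorithm, so names made by an older release
# show up below as MISMATCH (x509 -subject_hash_old prints the old value).
cert_hash() {
    openssl x509 -noout -hash -in "$1"
}

# link_certs DIR: give every DIR/*.pem a symlink HASH.N, taking the first
# free N per hash. Re-running is safe: identical files are not linked twice.
link_certs() {
    dir=$1
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        h=$(cert_hash "$cert") || continue
        n=0
        while [ -e "$dir/$h.$n" ]; do
            cmp -s "$dir/$h.$n" "$cert" && continue 2
            n=$((n + 1))
        done
        ln -s "$(basename "$cert")" "$dir/$h.$n"
    done
}

# audit_dir DIR: check every HASH.N entry (symlink or regular file).
# The name must equal the certificate's hash, and N must be contiguous
# from 0 because the lookup stops at the first missing suffix.
audit_dir() {
    dir=$1
    bad=0
    for f in "$dir"/*.[0-9]*; do
        [ -e "$f" ] || continue
        name=$(basename "$f"); want=${name%.*}; n=${name##*.}
        case $n in *[!0-9]*) continue ;; esac
        got=$(cert_hash "$f") || got=unreadable
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $name: subject hash is $got"; bad=$((bad + 1))
        fi
        if [ "$n" -gt 0 ] && [ ! -e "$dir/$want.$((n - 1))" ]; then
            echo "GAP $name: $want.$((n - 1)) is missing"; bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Usage: sh script.sh /path/to/ca-dir
if [ -d "${1:-}" ]; then link_certs "$1"; audit_dir "$1"; fi
```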