When using Apache with SSL, does the entire certificate specified with “SSLCertificateFile” directive get handed to the client?
When using Apache with SSL, does the entire certificate specified with “SSLCertificateFile” directive get handed to the client?
If so, does it contain the private key as well as the public key?
Only the certificate (which contains the public key and extra information such as the identity of the machine, but not the private key) is sent to the client. If there is a chain to a CA (either via SSLCertificateChainFile or via SSLCACertificatePath or SSLCACertificateFile), the chain of certificates should be sent. You’ll see the full chain with the -showcerts options with openssl s_client:
echo | openssl s_client -showcerts -connect www.your.host.example:443
You may, but don’t have to put the private key in the same file, it can be separated into SSLCertificateKeyFile.
Check more discussion of this question.
Related posts:
Leave a comment
Recent Posts
Tags
active-directory
amazon-ec2
apache
apache2
backup
bash
centos
cisco
command-line
debian
dns
email
exchange
firewall
iis
iis7
iptables
linux
macosx
monitoring
mysql
networking
nginx
performance
permissions
php
postfix
raid
security
sql-server
sql-server-2005
sql-server-2008
ssh
ssl
ubuntu
unix
virtualization
vpn
webserver
windows
windows-7
windows-server-2003
windows-server-2008
windows-server-2008-r2
windows-xp