[SAC] SSL Certificate Followup

Sandro Santilli strk at keybit.net
Sun May 1 09:46:59 PDT 2016


On Sun, May 01, 2016 at 06:15:51PM +0200, Sandro Santilli wrote:
> On Fri, Apr 29, 2016 at 08:37:37PM -0700, Alex Mandel wrote:
> 
> > Then in apache add/replace in ssl site-available configs, note grep all
> > the sites-available for 443 to find the SSL configs.
> > 
> > SSLEngine on
> > SSLCertificateFile    /etc/ssl/osgeo/STAR_osgeo_org.crt
> > SSLCertificateKeyFile /etc/ssl/private/star_osgeo_org2016.key
> > SSLCertificateChainFile /etc/ssl/osgeo/ca-bundle-client.crt
> 
> I noticed SSLCACertificateFile was removed.
> Don't know if it's related, but now git doesn't trust https anymore,
> for example:
> 
>  fatal: unable to access 'https://git.osgeo.org/gogs/rttopo/librttopo.git/':
>  server certificate verification failed.
>  CAfile: /etc/ssl/certs/ca-certificates.crt
>  CRLfile: none
> 
> This happened from different machines (my local one and tracsvn machine itself).

According to this answer, the problem may be in the order in which certs
were put in the ca-bundle-client.crt: http://stackoverflow.com/a/16577227

Did you produce that bundle yourself? If so, do you know how to reorder
certs in it?

--strk;
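
One way to check and correct the ordering of a PEM bundle such as the one discussed above, as an added example that is not part of the original message. It assumes the TLS convention that each certificate in a chain is followed by the one that issued it, matches issuer to subject byte for byte, and does not verify signatures; the function names and the `sample_cert` skeletons are constructed for illustration.

```python
import base64, re, ssl, sys

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return the raw DER (issuer, subject) Names of one X.509 certificate."""
    pos = read_tlv(der, read_tlv(der, 0)[1])[1]  # enter Certificate, then TBSCertificate
    if der[pos] == 0xA0:                # skip the optional [0] version field
        pos = read_tlv(der, pos)[2]
    fields = []
    for _ in range(5):                  # serial, sigAlg, issuer, validity, subject
        end = read_tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def load_bundle(pem_text):              # PEM bundle -> DER certificates, file order kept
    body = r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----"
    return [base64.b64decode(b) for b in re.findall(body, pem_text, re.S)]

def order_chain(ders):
    """Reorder so each certificate is followed by the one that issued it."""
    parsed = [names(d) + (d,) for d in ders]             # (issuer, subject, der)
    issuers = {iss for iss, sub, _ in parsed if iss != sub}
    by_subject = {p[1]: p for p in parsed}
    starts = [p for p in parsed if p[1] not in issuers]  # issued nothing else here
    chain, cur = [], starts[0] if len(starts) == 1 else None
    while cur is not None and cur[2] not in chain:
        chain.append(cur[2])
        cur = by_subject.get(cur[0]) if cur[0] != cur[1] else None
    if len(chain) != len(ders):                          # fork, loop, stray or duplicate
        raise ValueError("bundle is not one unbroken chain")
    return chain

def sample_cert(issuer_cn, subject_cn):  # constructed unsigned skeleton, names only
    t = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths (< 128)
    name = lambda cn: t(0x30, t(0x31, t(0x30, b"\x06\x03\x55\x04\x03" + t(0x0C, cn.encode()))))
    tbs = b"\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x00" + name(issuer_cn) + b"\x30\x00" + name(subject_cn)
    return t(0x30, t(0x30, tbs))

if __name__ == "__main__":  # argument: BUNDLE.pem; none: constructed root-first bundle
    demo = [sample_cert("Root", "Root"), sample_cert("Root", "Int"), sample_cert("Int", "Int 2")]
    ders = load_bundle(open(sys.argv[1]).read()) if sys.argv[1:] else demo
    print("".join(map(ssl.DER_cert_to_PEM_cert, order_chain(ders))), end="")
```

Run with a bundle path as the only argument, it prints the certificates in corrected order; a bundle that contains a certificate unrelated to the chain raises `ValueError` instead of being silently rearranged.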

