Hello,
On 1/29/12 2:53 PM, Daniel Pocock wrote:
Construct the PEM file in this exact order:
cat server.example.com.pem> chain-server.example.com.pem cat inter2.pem>> chain-server.example.com.pem cat inter1.pem>> chain-server.example.com.pem
and then, in tls.cfg:
certificate=chain-server.example.com.pem
This applies to almost all OpenSSL based implementations. But it should be documented somewhere.
This post will probably end up in Google - so people will find it that way (including me, when I've forgotten this little detail at some point in the future)
It's a little bit different in Apache, where the user specifies a file containing intermediate certs - many of the CAs give instructions for adding that file in Apache, but they make no mention of OpenSSL/Kamailio/concatenating everything, so I imagine people will get stuck on things like this
we can include your notes to the readme, they may help people looking for same subject in the future.
If you create a patch against a docbook xml file in modules/tls/doc/*.xml, adding a new section or to Important Notes, then we will commit.
As a general policy, we are happy always to get improvements to documentation, for large enhancements we can allow git commit as well.
Cheers, Daniel