In response to a certificate signing request, a certification authority sent a web server certificate along with the certificate of an intermediate certification authority that signed the web server certificate.
What should be done with the intermediate certificate in order to use the web server certificate with Apache HTTPD?
To properly use the web server certificate with Apache HTTPD, the intermediate certificate should be merged with the web server's certificate into one file that is specified in SSLCertificateFile. This approach ensures that the server sends the complete certificate chain to clients, preventing errors related to incomplete chains. Merging in this context typically means concatenating the intermediate certificate to the web server's certificate file.
You don't merge 2 certificates - they have a cryptographic hash! C is the correct answer https://techjourney.net/install-intermediate-ca-certificate-chain-cert-in-apache-httpd-server/
Certificates can be "merged" accordingly to this URL: https://www.thesslstore.com/knowledgebase/ssl-support/combining-multiple-intermediate-certificates/
Yes, or this other: https://access.redhat.com/solutions/43575 Where SSLCertificateChainFile is deprectated by SSLCertificateFile https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatechainfile Therefore A could be correct, the problem is that C too...
First of all I want to reference this: https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1k&guideline=5.6 Which states: SSLCertificateFile /path/to/signed_cert_and_intermediate_certs Which is basically "A". Merging in this context means concating, first the Webserver Cert then the Signer Cert If you request a letsencrypt certificate you will get a fullchain.pem file containing all Certificates. So in my eyes, it's definitely A
A is correct! According to Redhat, the intermediate certificate can be appended to server certificate . Ref.: https://access.redhat.com/solutions/43575
Correct answer: A Ref: LPIC-2 book (https://lpic2book.github.io/src/)
My argument is over the use of the word MERGE - combining two things into one. You can't combine two certificates into one certificate. You can ADD both certificates to the SSLCertificateFile, but the answer doesn't say that. I could be being pedantic, but I don't think so.
I think that "A" There can be many layers of CAs, the top one is called "Root CA" and the rest is called "Intermediate CA". The CAs are chained in descending order and are called "SSL certificate chain". In the Apache configuration file, 'SSLCertificateKeyFile' is used to specify the location of the key file and 'SSLCertificateFile' is used to specify the location of the Cert (server certificate) file. SSLCertificateFile' is used to specify the location of the Cert file and 'SSLCertificateChainFile' is used to specify the location of the SSL certificate chain file. Now, as for 'SSLCACertificateFile', it can also be used to specify the 'SSL Certificate Chain' file, but it must be used in a non-public CA (used to issue self-signed SSL certificates). However, the question is not very clear, so option "C" could be the correct answer.
SSLCaCertificateFile is for CLIENT certs, not SERVER certs, so A is correct
Answer A is 100% correct !