mod_ssl – Best Practices for SSLCACertificatePath Usage

apache-2.2 mod-ssl ssl

I am attempting to use the mod_proxy SSLCACertificatePath directive, but I'm a tad bit confused on how to use it properly.

Here are two links explaining the SSLCACertificatePath directive:
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslcacertificatepath
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC13

I'm not positive on how to create the hashed symbolic links. The second link states to use the apache make file, but I'm quite clueless on what is exactly being said there.

Any friendly guidance would be greatly appreciated.

Thank you for your time.

UPDATE

The goal of my question was to figure out how to handle multiple CAs for validating end user Client Certificates. I didn't realize that multiple pem certificates could be used in one file, which, in my case, is clearly the right way to move forward.

Best Answer

If you are unclear on how to make the hash-named symlinks my suggestion is not to use CACertificatePath, but rather to use CACertificateFile instead. (Actually this is my suggestion in general: properly maintaining a CACertificateFile may be slightly more work if you have lots of CA certificates that change often, but you probably shouldn't have lots of CA Certificates, and they shouldn't change much anyway...) In addition it appears that the Makefile referenced has disappeared from Apache's distribution tarballs (and the general lack of public outcry may indicate how many people are using the "path" method of storing certificates :).

All that said, if you still want to do this you can proceed per what DerfK said (either get the old Makefile, or write your own script/makefile that runs openssl x509 -noout -hash against all your certificate files and creates appropriately-named symbolic links).
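A script of the kind the answer describes, as an added example that is not from the original post or from the Apache Makefile: it runs openssl x509 -noout -hash over each certificate in a directory and creates HASH.N symlinks. The function name hash_links, the *.pem/*.crt extensions and the one-certificate-per-file layout are assumptions.

```shell
#!/bin/sh
# Added example: build the hash-named symlinks that a CA certificate
# directory needs. hash_links is a hypothetical helper name.
# Assumes one PEM certificate per file; openssl x509 reads only the first.

hash_links() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    (
        cd "$dir" || exit 1

        # Remove links left by an earlier run (names like 1a2b3c4d.0) so
        # that a deleted or replaced CA does not stay trusted by accident.
        for l in [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
            if [ -L "$l" ]; then rm -f -- "$l"; fi
        done

        for cert in *.pem *.crt; do
            # Skip unmatched globs and anything that is not a regular file.
            if [ ! -f "$cert" ] || [ -L "$cert" ]; then continue; fi

            # The subject-name hash is the file name OpenSSL looks up.
            h=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || {
                echo "skipping $cert: not a parseable certificate" >&2
                continue
            }

            # Two CAs can share a subject hash (for example a re-keyed CA
            # with the same name); the numeric suffix keeps them apart.
            n=0
            while [ -e "$h.$n" ] || [ -L "$h.$n" ]; do n=$((n + 1)); done

            ln -s -- "$cert" "$h.$n"
            echo "$h.$n -> $cert"
        done
    )
}

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then hash_links "$1"; fi
```

OpenSSL's own c_rehash script (and the openssl rehash subcommand in 1.1.0 and later) does the same job. Rerun the linking step whenever a CA file is added, replaced or removed.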