If I simply use "SSLCertificateFile" and "SSLCertificateKeyFile" twice, the certificate chain is broken for the first one.
Can I use both RSA and ECC certificates which are issued from different intermediate CA certificates?
==================
Update: OpenSSL 1.0.2 solves the problem. Just use "SSLCertificateFile" and "SSLCertificateKeyFile" twice. Note that "SSLCertificateFile" should be the whole chain of the certificate.
Best Answer
This is possible depending on both the Apache version and the OpenSSL version.
Running ECC & RSA certificates in parallel on Apache using different intermediate certificates requires Apache 2.4.8+ and OpenSSL 1.0.2+.
The sslcertificatefile entry added support for intermediates as of Apache 2.4.8. OpenSSL adds the ability to load intermediates on a per-certificate basis as of version 1.0.2.
Although earlier versions of Apache support multiple sslcertificatefile entries, it won't load intermediates from those entries and the SSLCertificateChainFile can only be used once. Therefore, in earlier versions you can still run ECC/RSA/DSA certs in parallel, but they must all use the same intermediate.
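The two layouts described in this answer, as an added example that is not part of the original question or answer. The host name and every file path are assumed placeholders.

```apache
# Layout for Apache 2.4.8+ built against OpenSSL 1.0.2+:
# each SSLCertificateFile holds the leaf certificate first, followed by
# the intermediate(s) that issued it, so the RSA and ECC chains can differ.
<VirtualHost *:443>
    ServerName www.example.com                    # assumed host name
    SSLEngine on

    # RSA leaf + the RSA intermediate(s), in that order (assumed paths)
    SSLCertificateFile    /etc/ssl/example/rsa-fullchain.pem
    SSLCertificateKeyFile /etc/ssl/example/rsa.key

    # ECC leaf + the ECC intermediate(s), in that order (assumed paths)
    SSLCertificateFile    /etc/ssl/example/ecc-fullchain.pem
    SSLCertificateKeyFile /etc/ssl/example/ecc.key

    # No SSLCertificateChainFile here: the chains come from the files above.
</VirtualHost>

# Layout for earlier versions, shown commented out for comparison:
# the certificate files carry only the leaf, and the single
# SSLCertificateChainFile is shared by both, so this only yields a
# complete chain when RSA and ECC were issued by the same intermediate.
#
#    SSLCertificateFile      /etc/ssl/example/rsa-leaf.pem
#    SSLCertificateKeyFile   /etc/ssl/example/rsa.key
#    SSLCertificateFile      /etc/ssl/example/ecc-leaf.pem
#    SSLCertificateKeyFile   /etc/ssl/example/ecc.key
#    SSLCertificateChainFile /etc/ssl/example/shared-intermediate.pem

# Check what is actually served for each key type (TLS 1.2 cipher
# selection picks the certificate; compare the chains printed):
#   openssl s_client -connect www.example.com:443 -tls1_2 \
#       -cipher ECDHE-RSA-AES128-GCM-SHA256 -showcerts
#   openssl s_client -connect www.example.com:443 -tls1_2 \
#       -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -showcerts
```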