SSLCACertificatesPath
The path to a directory containing multiple CA certificates, in PEM format, to check against. Each file must contain one CA certificate. The files are looked up by the CA subject name hash value, which must be available. If more than one CA certificate with the same name hash value exists, the extension must be different (for example, 9dd6633f0.0, 9dd6633f0.1, and so on). The search is performed in the order of the extension number, regardless of other properties of the certificates.
CAUTION: If several CA certificates matching the name, key identifier, and serial number condition are available, only the first one is examined. This might lead to unexpected results if the same CA certificate is available with different expiration dates. If a certificate expired verification error occurs, no other certificate is searched. Make sure expired certificates are not mixed with valid ones.
For more information, refer to the documentation for OpenSSL.
When you set SSLCACertificatesPath
, it implicitly sets SSLCheckCertificate to True
. In this case, you can set SSLCheckCertificate to False
to allow Eduction Server to fill in any chain required for the SSLCertificate by using the certificates that you specify in SSLCACertificatesPath
, without requiring a certificate from the connected peer.
Type: | String |
Default: | None |
Required: | No |
Configuration Section: | SSLOptionN |
Example: | SSLCACertificatesPath=C:\IDOL\HTTPConnector\CACERTS\
|
See Also: |