All-
Just moved our website from a CentOS-6 to a new CentOS-7 box. Naturally then, Apache was updated from a 2.2 to a 2.4 install:
- OS Version: CentOS Linux release 7.3.1611 (Core)
- Linux kernel version: 3.10.0-514.6.1.el7.x86_64
- OpenSSL Version: 1.0.1e-fips
- Server version: Apache/2.4.6 (CentOS)
- Server built: Nov 14 2016 18:04:44
- Server's Module Magic Number: 20120211:24
Most everything works correctly, but we have some quirks that we can't seem to resolve. For one, there seems to be some confusion about how to serve up intermediate certificates when SSL is being used. On the old 2.2 server, this worked flawlessly and we never had an issue. However, when we ported the ssl.conf directives and cert files over to the new server, Apache 2.4 seems to "ignore" the intermediate certificate bundle, and running tests at sites like http://www.ssllabs.com fails with errors like "This server's certificate chain is incomplete." We have the necessary directives set:
- SSLCertificateFile /var/www/certs/website.crt
- SSLCertificateKeyFile /root/sslkey/myserver.key
- SSLCertificateChainFile /var/www/certs/website.crt.ca-bundle
And the files are indeed there with the correct permissions. Seems like there is some other setting that needs to be tweaked in order for Apache to do its job? Welcome thoughts from the community.
-AZ
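
A way to narrow down an "incomplete chain" report like the one in the post above, as an added example that is not part of the original message: it checks with openssl that a bundle file really contains the certificate that issued the site certificate, and counts how many certificates a server sends in its handshake. The function names are hypothetical; the paths in the usage comment are the ones quoted in the post.

```bash
#!/usr/bin/env bash
# Added example: local checks for an "incomplete chain" finding.
# Function names are illustrative; only standard openssl, grep and awk are used.

# Print the number of PEM certificates contained in file $1.
count_pem_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Succeed (exit 0) when some certificate in bundle $2 has a subject name equal
# to the issuer name of the site certificate $1. Exit 1 when none does.
bundle_has_issuer() {
    local leaf=$1 bundle=$2 want have dir c rc=1
    want=$(openssl x509 -noout -issuer_hash -in "$leaf") || return 2
    dir=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate so each can be parsed.
    awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ {n++}
                     n {print > (d "/c" n ".pem")}' "$bundle"
    for c in "$dir"/c*.pem; do
        [ -f "$c" ] || continue
        have=$(openssl x509 -noout -subject_hash -in "$c" 2>/dev/null) || continue
        if [ "$have" = "$want" ]; then rc=0; fi
    done
    rm -rf "$dir"
    return "$rc"
}

# Print how many certificates host $1 (port $2, default 443) sends during the
# TLS handshake. A result of 1 means only the site certificate is being sent.
# Needs network access to the server under test.
served_cert_count() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" -showcerts \
        </dev/null 2>/dev/null | grep -c -- '-----BEGIN CERTIFICATE-----'
}

# Usage with the files from the post:
#   bundle_has_issuer /var/www/certs/website.crt \
#                     /var/www/certs/website.crt.ca-bundle && echo "issuer found"
#   served_cert_count www.example.test    # placeholder host name
```

If the bundle check passes but the served count is 1, the files are fine and the running virtual host is not loading the chain directive, so the next place to look is which configuration file and VirtualHost block actually answers on port 443.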