|
The chain's root certificate is checked for trustworthiness: it must
be a CA certificate (CA:TRUE in extensions), and it must be
trusted locally (i.e. be listed in sslcacertificatefile or
SSL CA Certificate File). Note that this means that if the peer
certificate is self-signed (and thus a root certificate itself), it
must also be a CA certificate; however, CA certificates are typically
not used as server certificates and may cause a warning at server
startup.
If the peer chain's root certificate is not trusted, the "
Cannot verify certificate ..." reason that results is usually "
self signed certificate in certificate chain".
Copyright © Thunderstone Software Last updated: Mon Feb 18 10:28:15 EST 2013
|