From 554023e3ee2c57f97c61eca5ce2f000fdf417850 Mon Sep 17 00:00:00 2001 From: Matthijs Kooijman Date: Mon, 20 Feb 2012 14:58:33 +0100 Subject: [PATCH] lighttpd/stdin.nl: Explicitly specify a ca-file for https Without this, the intermediate certificate would not be sent. This only affected clients that support SNI, since the fallback SSL configuration (used for non-SNI browsers) did have an explicit ca-file configuration. --- etc/lighttpd/vhosts/stdin-nl | 1 + 1 file changed, 1 insertion(+) diff --git a/etc/lighttpd/vhosts/stdin-nl b/etc/lighttpd/vhosts/stdin-nl index 56698f9..f778be9 100644 --- a/etc/lighttpd/vhosts/stdin-nl +++ b/etc/lighttpd/vhosts/stdin-nl @@ -24,6 +24,7 @@ $HTTP["host"] =~ ".stdin.nl$" { $HTTP["host"] == "mail.stdin.nl" { # Specify the certificate for this domain (uses SNI) ssl.pemfile = "/etc/lighttpd/ssl/mail.stdin.nl.pem" + ssl.ca-file = "/etc/lighttpd/ssl/ca/startssl-all-ca.pem" # Redirect HTTP to HTTPS $HTTP["scheme"] == "http" { url.redirect = ( "^(.*)" => "https://mail.stdin.nl$1" ) -- 2.30.2