TLSCACertificatePath

Name

TLSCACertificatePath -- Define a path to the CAs used to verify your client certificates

Synopsis

TLSCACertificatePath [ Path to your CA certificates]

Default

None

Context

server config, <Global>, <VirtualHost>

Module

mod_tls

Compatibility

1.2.7rc1 and later

Description

The TLSCACertificatePath directive sets the directory for the certificates of Certification Authorities (CAs) for your clients. These are used to verify the client certificates presented. This directive may be used in addition to, or as alternative for, TLSCACertificateFile.

The files in the configured directory have to be PEM-encoded, and are accessed through hash filenames. This means one cannot simply place the CA certificates there: one also has to create symbolic links named hash-value.N. The c_rehash utility that comes with OpenSSL can be used to create the necessary symlinks.

If neither TLSCACertificateFile nor TLSCACertificatePath are specified, the following message will appear in the TLSLog:

   using default OpenSSL verification locations (see $SSL_CERT_DIR)
[1]

This means that the SSL_CERT_DIR environment variable, if set, will be used to determine the location of a CA certificate directory, to be used when verifying clients.

See also

TLSCACertificateFile

Examples

TLSCACertificatePath /etc/ftpd/ca/

Notes

[1]