<![CDATA[(solved) SSL cert chaining w/ multiple CA files (bundled not working)?]]>

<![CDATA[(solved) SSL cert chaining w/ multiple CA files (bundled not working)?]]>Our Thawte SSL123 cert expired and so we renewed but now they require a chained CA file (boo) and I cannot get it to work.

I have done the following (this is on 1.2.3, hdd install):

downloaded pem bundled CA file from thawte article AR1372 1
copied above file to pfSense box and made corresponding ssl.ca-file entry in lighty-CaptivePortal-SSL.conf file per the article 2 on this forum
restarted lighttpd

with no luck, clients still get certificate not trusted errors.

On the same Thawte article there is a link to non-bundled CA files so I'm thinking maybe lighttpd doesn't support bundled CA files but I cannot find out how to include two CA files in the lighty-CaptivePortal-SSL.conf file.

Any help would be greatly appreciated (on either what I did wrong w/ the bundled version of the CA file or on how to add a second CA file to the config - I don't want to risk messing up the box so I didn't just try adding another line for the second file).

Thanks in advance.

]]>https://forum.netgate.com/topic/30509/solved-ssl-cert-chaining-w-multiple-ca-files-bundled-not-workingRSS for NodeSun, 15 Mar 2026 17:51:22 GMTThu, 10 Feb 2011 18:04:29 GMT60<![CDATA[Reply to (solved) SSL cert chaining w/ multiple CA files (bundled not working)? on Thu, 10 Feb 2011 19:45:30 GMT]]>Man, almost a whole day of messing with this and it turns out that the CA/chain file I downloaded was in DOS format (CRLF rather than just CR). I ran it through "dos2unix" and re-copied it and all is well. cat -v is your friend!

]]>https://forum.netgate.com/post/265161https://forum.netgate.com/post/265161Thu, 10 Feb 2011 19:45:30 GMT