Topic: per-directory CA in Apache2.4

[o6asan]

I am running a web server at home. The server is in a non-ssl mode except the admin area. For the admin area the server requires a client certificate. I use a self-signed CA for that.

But I want to add SSL and HTTPS to the whole site. For the site except the admin area I'm going to use a free SSL certificates like from StartSSL. But I want to continue using the self-signed CA.

I'm testing the new settings on a devel server. When I set SSLCACertificateFile "c:/Apache24/conf/ssl.crt/myCA.crt" in <Location> derective, Apache 2.4 gave me 'Your SSL library does not have support for per-directory CA'.
On the Net, I found the below. The 2.4 version seems not to support per-directory CA anymore.
https://bugzilla.redhat.com/show_bug.cgi?id=1179716

How could I create a service like per-directory CA with Apache2.4? Any method?

- Apache 2.4.16 Win64 from Apache Lounge
- Windows10 Home x64

[James Blond]

Short answer, no that did not change.

Long answer
That did never work in any apache version. Since version 2.2.12 apache can do SNI. That was the first version you were able to use mutiple SSL Certs.

if you look into the the old 2.2 docs http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile you see that the sslcacertificatefile directive works only in the global server config or per vhost.

[o6asan]

Thanks, James.

I understood 'per-directory CA' never worked in any apache version.

Your mention inspired me. Yes, it can do SNI now. I might be able to realize that I want to do.

Thanks again.