Hi, I use the idFTPServer as FTPs server. Everything works with self-signed certificates.
IdServerIOHandlerSSLOpenSSL->SSLOptions->KeyFile / IdServerIOHandlerSSLOpenSSL->SSLOptions->CertFile / IdServerIOHandlerSSLOpenSSL->SSLOptions->RootCertFile are set.
Where can I specify a certificate version chain?
Excuse me, I mean a certification chain.
If I remember correctly, you have to use a file with your complete chain as IdServerIOHandlerSSLOpenSSL->SSLOptions->CertFile
All right,
and what is IdServerIOHandlerSSLOpenSSL->SSLOptions->RootCertFile good for?
and what is IdServerIOHandlerSSLOpenSSL->SSLOptions->RootCertFile good for?
@davidwed
SSLOptions->RootCertFile refers to a single file in PEM format containing 1 or more trusted CA certificates. There is also an SSLOptions->VerifyDirs property that refers to a folder containing trusted CA certificates in individual PEM files. See OpenSSL's documentation for the SSL_CTX_load_verify_locations() function for more details: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_load_verify_locations.html