CERTDIR specifies the directory as the repository of certificates to be used
by SSLway.
Certificate files in the directory are named as follows.
All of these files are optional.
me.pem -- my certificate
The certificate of this DeleGate to be sent to clients (and to servers
if requested).
It may contain the private-key too.
It can be a chained certificate followed with the certificates of
intermediate CAs.
me-key.pem -- my private-key
This file is necessary if the private-key for me.pem is not
contained in itself.
me-key.pas -- the pass-phrase for my private-key
This file is necessary if the private-key in me-key.pem is
encrypted.
common.pas -- the pass-phrase common to private-keys
This file can be used as the default pass-phrase common to
all encrypted private-keys.
The certificate for the domain indicated by SNI
(Server Name Indication).
Like me.pem, it may be in the combination of
sn.domain-key.pem and sn.domain-key.pas (or common.pas).
sa.address.pem -- my certificate to clients
The certificate to be sent to clients when accessed via the network
interface with address (ex. "sa.127.0.0.1.pem").
to-sv.pem -- my certificate to servers
The certificate like me.pem which is sent to servers only.
to-cl.pem -- my certificate to clients
The certificate like me.pem which is sent to clients only.
ca-sv.pem -- servers' CAs' certificates
The certificates of CAs to be used to verify acceptable certificates
shown by servers. It may contain CRL too.
ca-sv/ -- directory of certificates of servers' CAs
each certificate is named with
'openssl x509 -hash -noout < certificate.pem'
ca-cl.pem -- clients' CAs' certificates
The certificates of CAs to be used to verify acceptable certificates
shown by clients. It may contain CRL too.
ca-cl/ -- directory of certificates of clients' CAs
each certificate is named with
'openssl x509 -hash -noout < certificate.pem'