# the same file, then private_key_file &
# certificate_file must contain the same file
# name.
+ #
+ # If CA_file (below) is not used, then the
+ # certificate_file below MUST include not
+ # only the server certificate, but ALSO all
+ # of the CA certificates used to sign the
+ # server certificate.
certificate_file = ${certdir}/server.pem
# Trusted Root CA list