RE: [cobalt-developers] SSL For Entire Server
- Subject: RE: [cobalt-developers] SSL For Entire Server
- From: "Tony" <isplists@xxxxxxxxxxxx>
- Date: Tue Apr 18 09:01:17 2000
Almost the same problem here but working with Equifax certs.
Equifax issues TWO certs, one for the domain and an SSLCACertificateFile.
Seems they use Thawte as their CA... anyway, it seems that Cobalt did not
allow for an SSLCA cert path in their rewrite rules in the httpd.conf section:
    # Hardcoded, issues with mod_perl and cobalt modules.
    if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
        # Use the site's own cert if it passes the check ...
        $ret = ssl_cert_check("/home/sites/$group/certs/");
        if ($ret =~ /^2/o) {
            $PerlConfig .= "Listen $ip:443\n";
            $PerlConfig .= "<VirtualHost $ip:443>\n";
            $PerlConfig .= "SSLengine on\n";
            $PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
            $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
            $PerlConfig .= join('', @ssl_conf);
        # ... otherwise fall back to the main site's cert.
        } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/) {
            $PerlConfig .= "Listen $ip:443\n";
            $PerlConfig .= "<VirtualHost $ip:443>\n";
            $PerlConfig .= "SSLengine on\n";
            $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
            $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
            $PerlConfig .= join('', @ssl_conf);
        } else {
            print STDERR "Site $group has invalid certificate: $ret\n";
        }
    }

Deleting the main site's self-signed cert doesn't have any effect. The virt
site's cert is successfully installed but when browsing to that site via
https it picks up the main site's self-signed cert.
Can a 'SSLCACertificateFile conf/ssl.crt/company-ca.crt' directive be
included in the above code? I think that would solve the problem.
Nothing at http://www.modssl.org/docs/2.5/ssl_howto.html seems to remotely
match what Cobalt did with SSL.
Tony
> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of
> BlakeWebster
> Sent: Tuesday, April 18, 2000 10:25 AM
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Subject: [cobalt-developers] SSL For Entire Server
>
>
> Hello:
> I set up ssl on ns1.mydomain.com. No problem with a self-signed
> certificate.
> I applied and received an external certificate from Thawte. No problem
> (except that I messed up and had to have them re-issue a certificate
> because I accidentally deleted my key).
> I pasted the new certificate into the certificate window and it took. It
> even shows Thawte as the certificate issuer.
> The problem is that whenever I access a secure page
> I receive the browser notice "security alert" and the info shows a
> self-issued certificate by ns1.mydomain.com.
> Do you have any thoughts on this?
> I'm confused and have checked the server certificate files and backup
> files. Everything appears correct.
> All help is appreciated.
>
> Blake Webster
>
> ********************************************
> Media Design Services
> P.O. Box 3153
> Santa Rosa, CA 95402
> Phone: 707-575-1640
> Fax: 707-578-3171
> www.mediadesign-mds.com
>
> WebcamSearch.com
> www.webcamsearch.com
>
> Northern California Tennis Connection
> www.norcaltennis.com
> *********************************************
>
>
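
An added example, not part of the thread and not Cobalt's code: one way the generated virtual-host header could carry the directive Tony asks about, emitted only when a CA file exists next to the site's certificate and key. The helper name ssl_vhost_header, the file name "ca-certs" and the demo IP address are assumptions made for this sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper (not Cobalt's code): build the SSL vhost header for one
# site, adding SSLCACertificateFile only when a CA bundle is present.
# The file name "ca-certs" is an assumption made for this example.
# As in the excerpt above, <VirtualHost> is left open for the rest of the
# site's configuration to follow.
sub ssl_vhost_header {
    my ($ip, $certdir) = @_;
    $certdir =~ s{/*$}{/};                  # normalise to one trailing slash

    # Emit nothing if the certificate or key is missing or empty.
    for my $need (qw(certificate key)) {
        return unless -f "$certdir$need" && -s _;
    }

    my $conf = "Listen $ip:443\n"
             . "<VirtualHost $ip:443>\n"
             . "SSLengine on\n"
             . "SSLCertificateFile ${certdir}certificate\n"
             . "SSLCertificateKeyFile ${certdir}key\n";

    # Optional CA file: referenced only if it is really there, so sites
    # without one keep exactly the configuration they had before.
    my $ca = "${certdir}ca-certs";
    $conf .= "SSLCACertificateFile $ca\n" if -f $ca && -s _;
    return $conf;
}

# Constructed demo: a throwaway directory stands in for
# /home/sites/<group>/certs/, filled with placeholder files.
my $dir = tempdir(CLEANUP => 1);
for my $name (qw(certificate key)) {
    open(my $fh, '>', "$dir/$name") or die "cannot write $name: $!";
    print $fh "placeholder\n";
    close($fh);
}
print "--- without CA file ---\n", ssl_vhost_header("192.0.2.10", $dir);

open(my $fh, '>', "$dir/ca-certs") or die "cannot write ca-certs: $!";
print $fh "placeholder\n";
close($fh);
print "--- with CA file ---\n", ssl_vhost_header("192.0.2.10", $dir);
```

mod_ssl also provides SSLCertificateChainFile for the intermediate certificates sent to browsers; the same conditional pattern applies to it.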