
RE: [cobalt-developers] SSL For Entire Server



How about deleting the certificate altogether and putting the key and newly
issued certificate back in the cert folder?
This would eliminate the Certificate Request.
Just a thought.

Blake







At 11:00 AM 4/18/00 -0500, you wrote:
>Almost the same problem here but working with Equifax certs.
>Equifax issues TWO certs, one for the domain and a SSLCACertificateFile.
>Seems they use Thawte as their CA...anyway it seems that Cobalt did not
>allow for a SSLCA cert path in their rewrite rules
>in the httpd.conf section:
>
>        # Hardcoded, issues with mod_perl and cobalt modules.
>        if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
>            $ret = ssl_cert_check("/home/sites/$group/certs/");
>            if ($ret=~/^2/o) {
>                $PerlConfig .= "Listen $ip:443\n";
>                $PerlConfig .= "<VirtualHost $ip:443>\n";
>                $PerlConfig .= "SSLengine on\n";
>                $PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
>                $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
>                $PerlConfig .= join('', @ssl_conf);
>            } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
>                $PerlConfig .= "Listen $ip:443\n";
>                $PerlConfig .= "<VirtualHost $ip:443>\n";
>                $PerlConfig .= "SSLengine on\n";
>                $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
>                $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
>                $PerlConfig .= join('', @ssl_conf);
>            } else {
>                print STDERR "Site $group has invalid certificate: $ret\n";
>
>Deleting the main site's self-signed cert doesn't have any effect. The virt
>site's cert is successfully installed but when browsing to that site via
>https it picks up the main site's self-signed cert.
>Can a 'SSLCACertificateFile conf/ssl.crt/company-ca.crt' directive be
>included in the above code? I think that would solve the problem.
>
>Nothing at http://www.modssl.org/docs/2.5/ssl_howto.html seems to remotely
>match what Cobalt did with SSL.
>
>Tony
>
>
>> -----Original Message-----
>> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
>> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of
>> BlakeWebster
>> Sent: Tuesday, April 18, 2000 10:25 AM
>> To: cobalt-developers@xxxxxxxxxxxxxxx
>> Subject: [cobalt-developers] SSL For Entire Server
>>
>>
>> Hello:
>> I set up ssl on ns1.mydomain.com. No problem with a self-signed
>> certificate.
>> I applied and received an external certificate from Thawte. No problem
>> (except that I messed up and had to have them re-issue a certificate
>> because I accidentally deleted my key).
>> I pasted the new certificate into the certificate window and it took. It
>> even shows Thawte as the certificate issuer.
>> The problem is that whenever I access a secure page
>> I receive the browser notice "security alert" and the info shows a
>> self-issued certificate by ns1.mydomain.com.
>> Do you have any thoughts on this?
>> I'm confused and have checked the server certificate files and backup
>> files. Everything appears correct.
>> All help is appreciated.
>>
>> Blake Webster
>>
>> ********************************************
>> Media Design Services
>> P.O. Box 3153
>> Santa Rosa, CA 95402
>> Phone: 707-575-1640
>> Fax:     707-578-3171
>>  www.mediadesign-mds.com
>>
>> WebcamSearch.com
>>  www.webcamsearch.com
>>
>> Northern California Tennis Connection
>>  www.norcaltennis.com
>> *********************************************
>>
>> _______________________________________________
>> cobalt-developers mailing list
>> cobalt-developers@xxxxxxxxxxxxxxx
>> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>>
********************************************
Media Design Services
P.O. Box 3153
Santa Rosa, CA 95402
Phone: 707-575-1640
Fax:     707-578-3171
 www.mediadesign-mds.com 

WebcamSearch.com
 www.webcamsearch.com 

Northern California Tennis Connection
 www.norcaltennis.com 
*********************************************
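
A check to run before and after putting the key and newly issued certificate back in the cert folder, as an added example that is not part of the original thread and not Cobalt's code. It assumes the `openssl` command-line tool is installed and the `certificate` and `key` file names from the quoted httpd.conf section; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Cobalt's code). Assumed layout, taken from the thread:
#   <certdir>/certificate  and  <certdir>/key

# 0 if the certificate's public key is the one derived from the private key,
# 1 if they differ, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if subject and issuer names are identical, i.e. the certificate was
# issued by the host itself rather than by an external CA.
cert_is_self_issued() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    issr=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$subj" = "$issr" ]
}

# Returns 0 = CA-issued certificate that matches the key,
#         1 = certificate and key do not belong together,
#         2 = certificate or key unreadable,
#         3 = certificate matches the key but is still self-issued.
check_site_certs() {
    dir=$1
    rc=0
    cert_matches_key "$dir/certificate" "$dir/key" || rc=$?
    case $rc in
        0) ;;
        1) echo "$dir: certificate does not belong to this key"; return 1 ;;
        *) echo "$dir: cannot read certificate or key"; return 2 ;;
    esac
    if cert_is_self_issued "$dir/certificate"; then
        echo "$dir: certificate is self-issued"
        return 3
    fi
    echo "$dir: CA-issued certificate matches key"
    # Issuer and fingerprint, for comparison with what the browser displays.
    openssl x509 -in "$dir/certificate" -noout -issuer -fingerprint
}

# Usage: sh check_certs.sh /home/sites/home/certs
if [ "$#" -gt 0 ]; then
    check_site_certs "$1"
fi
```

If the files on disk pass but the browser still shows a different fingerprint, the server is presenting a certificate from another path or virtual host, which is the symptom described in the quoted message.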