
[cobalt-developers] RE: SSL For Entire Server: SOLVED.



Upgraded the Raq3i SSL to 128 with the 1.0 update pkg.

In httpd.conf (in the '# Hardcoded, issues with mod_perl and cobalt modules'
section):

Add
$PerlConfig .= "SSLCACertificateFile /home/sites/$group/certs/cacert\n";
to the top section, and
$PerlConfig .= "SSLCACertificateFile /home/sites/home/certs/cacert\n";
to the bottom part.

'cacert' is the SECOND certificate that Equifax issues. The virtual site's
SSL works fine now with no browser warnings.

Equifax has a real deal going on now...their certs are $45 until May 15. I
got same day delivery yesterday.

http://www.equifaxsecure.com/ebusinessid/index.html

Tony

> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Tony
> Sent: Tuesday, April 18, 2000 11:01 AM
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Cc: Cobalt-Users@List. Cobalt. Com
> Subject: RE: [cobalt-developers] SSL For Entire Server
>
>
> Almost the same problem here but working with Equifax certs.
> Equifax issues TWO certs, one for the domain and a SSLCACertificateFile.
> Seems they use Thawte as their CA...anyway it seems that Cobalt did not
> allow for a SSLCA cert path in their rewrite rules
> in the httpd.conf section:
>
>  # Hardcoded, issues with mod_perl and cobalt modules.
>         if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
>             $ret = ssl_cert_check("/home/sites/$group/certs/");
>             if ($ret=~/^2/o) {
>                 $PerlConfig .= "Listen $ip:443\n";
>                 $PerlConfig .= "<VirtualHost $ip:443>\n";
>                 $PerlConfig .= "SSLengine on\n";
>                 $PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
>                 $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
>                 $PerlConfig .= join('', @ssl_conf);
>             } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
>                 $PerlConfig .= "Listen $ip:443\n";
>                 $PerlConfig .= "<VirtualHost $ip:443>\n";
>                 $PerlConfig .= "SSLengine on\n";
>                 $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
>                 $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
>                 $PerlConfig .= join('', @ssl_conf);
>             } else {
>                 print STDERR "Site $group has invalid certificate: $ret\n";
>
> Deleting the main site's self-signed cert doesn't have any effect. The virt
> site's cert is successfully installed but when browsing to that site via
> https it picks up the main site's self-signed cert.
> Can a 'SSLCACertificateFile conf/ssl.crt/company-ca.crt' directive be
> included in the above code? I think that would solve the problem.
>
> Nothing at http://www.modssl.org/docs/2.5/ssl_howto.html seems to remotely
> match what Cobalt did with SSL.
>
> Tony
>
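
What a missing second certificate looks like to a client, as an added example that is not part of the original thread: the script builds a constructed root, intermediate (`cacert`) and site certificate (`certificate`) with `openssl`, then verifies the site certificate with and without the intermediate supplied. All subjects, the helper names and the temporary directory are made up for the demonstration.

```shell
#!/bin/sh
# Constructed chain: Demo Root -> Demo Intermediate ("cacert") -> site cert
# ("certificate"). Nothing here comes from a real CA or from the Cobalt box.

# csr <basename> <common name>: new RSA key plus certificate request.
csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_chain() {
    dir=$1
    # Extensions that mark a certificate as a CA.
    printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
                  'keyUsage=critical,keyCertSign,cRLSign' > "$dir/ca.ext"
    # Self-signed root: stands in for the CA the browser already trusts.
    csr "$dir/root" "Demo Root"
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 2 \
        -extfile "$dir/ca.ext" -out "$dir/root.pem" 2>/dev/null
    # Intermediate signed by the root: the "second certificate" (cacert).
    csr "$dir/int" "Demo Intermediate"
    openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" \
        -CAkey "$dir/root.key" -set_serial 1 -days 2 \
        -extfile "$dir/ca.ext" -out "$dir/cacert" 2>/dev/null
    # Site certificate signed by the intermediate, not by the root.
    csr "$dir/site" "www.example.test"
    openssl x509 -req -in "$dir/site.csr" -CA "$dir/cacert" \
        -CAkey "$dir/int.key" -set_serial 2 -days 2 \
        -out "$dir/certificate" 2>/dev/null
}

# check_chain <dir> [intermediate]: prints "ok" if the site cert verifies
# against the trusted root, "fail" otherwise. The optional second argument
# models the intermediate being supplied alongside the site certificate.
check_chain() {
    dir=$1; inter=$2
    if openssl verify -CAfile "$dir/root.pem" \
        ${inter:+-untrusted "$inter"} "$dir/certificate" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

demo=$(mktemp -d)
make_chain "$demo"
echo "site cert alone:       $(check_chain "$demo")"
echo "site cert plus cacert: $(check_chain "$demo" "$demo/cacert")"
rm -rf "$demo"
```

The same `openssl verify` call, pointed at the real `certificate` and `cacert` files and the issuing root, is a quick check before reloading the web server.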