[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
- Subject: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
- From: "Robert Spurlock" <rspurlock@xxxxxxxxxxxx>
- Date: Tue Apr 18 10:31:34 2000
Does this Cert work on the Raq2?
----- Original Message -----
From: "Tony" <isplists@xxxxxxxxxxxx>
To: <cobalt-developers@xxxxxxxxxxxxxxx>
Cc: "Cobalt-Users@List. Cobalt. Com" <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, April 18, 2000 1:04 PM
Subject: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
> Upgraded the Raq3i SSL to 128 with the 1.0 update pkg.
>
> In httpd.conf: (in the '# Hardcoded, issues with mod_perl and cobalt
modules
> section')
>
> Add $PerlConfig .= "SSLCACertificateFile
/home/sites/$group/certs/cacert\n";
> to the top section
> and
> $PerlConfig .= "SSLCACertificateFile /home/sites/home/certs/cacert\n"; to
> the bottom part.
>
> 'cacert' is the SECOND certificate that Equifax issues. The virtual site's
> SSL works fine now with
> no browser warnings.
>
> Equifax has a real deal going on now...their certs are $45 until May 15. I
> got same day delivery yesterday.
>
> http://www.equifaxsecure.com/ebusinessid/index.html
>
> Tony
>
> > -----Original Message-----
> > From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Tony
> > Sent: Tuesday, April 18, 2000 11:01 AM
> > To: cobalt-developers@xxxxxxxxxxxxxxx
> > Cc: Cobalt-Users@List. Cobalt. Com
> > Subject: RE: [cobalt-developers] SSL For Entire Server
> >
> >
> > Almost the same problem here but working with Equifax certs.
> > Equifax issues TWO certs, one for the domain and a SSLCACertificateFile.
> > Seems they use Thawte as their CA...anyway it seems that Cobalt did not
> > allow for a SSLCA cert path in their rewrite rules
> > in the httpd.conf section:
> >
> > # Hardcoded, issues with mod_perl and cobalt modules.
> > if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
> > $ret = ssl_cert_check("/home/sites/$group/certs/");
> > if ($ret=~/^2/o) {
> > $PerlConfig .= "Listen $ip:443\n";
> > $PerlConfig .= "<VirtualHost $ip:443>\n";
> > $PerlConfig .= "SSLengine on\n";
> > $PerlConfig .= "SSLCertificateFile
> > /home/sites/$group/certs/certificate\n";
> > $PerlConfig .= "SSLCertificateKeyFile
> > /home/sites/$group/certs/key\n";
> > $PerlConfig .= join('', @ssl_conf);
> > } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ )
{
> > $PerlConfig .= "Listen $ip:443\n";
> > $PerlConfig .= "<VirtualHost $ip:443>\n";
> > $PerlConfig .= "SSLengine on\n";
> > $PerlConfig .= "SSLCertificateFile
> > /home/sites/home/certs/certificate\n";
> > $PerlConfig .= "SSLCertificateKeyFile
> > /home/sites/home/certs/key\n";
> > $PerlConfig .= join('', @ssl_conf);
> > } else {
> > print STDERR "Site $group has invalid
> > certificate: $ret\n";
> >
> > Deleting the main sites self-signed cert doesnt have any effect. The
virt
> > site's cert is successfully installed but when browsing to that site via
> > https it picks up the main site's self-signed cert.
> > Can a
> > 'SSLCACertificateFile conf/ssl.crt/company-ca.crt' directive be
> > included in
> > the above code? I think that would
> > solve the problem.
> >
> > Nothing at http://www.modssl.org/docs/2.5/ssl_howto.html seems to
remotely
> > match what Cobalt did with SSL.
> >
> > Tony
> >
>
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers