[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.

Subject: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
From: "Tony" <isplists@xxxxxxxxxxxx>
Date: Tue Apr 18 11:27:42 2000

Not sure. Only tried it on the Raq3i. 
See http://www.equifaxsecure.com/ebusinessid/instructions.html
> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Robert
> Spurlock
> Sent: Tuesday, April 18, 2000 12:36 PM
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
> 
> 
> Does this Cert work on the Raq2?
> 
> 
> ----- Original Message -----
> From: "Tony" <isplists@xxxxxxxxxxxx>
> To: <cobalt-developers@xxxxxxxxxxxxxxx>
> Cc: "Cobalt-Users@List. Cobalt. Com" <cobalt-users@xxxxxxxxxxxxxxx>
> Sent: Tuesday, April 18, 2000 1:04 PM
> Subject: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
> 
> 
> > Upgraded the Raq3i SSL to 128 with the 1.0 update pkg.
> >
> > In httpd.conf: (in the '# Hardcoded, issues with mod_perl and cobalt
> modules
> > section')
> >
> > Add $PerlConfig .= "SSLCACertificateFile
> /home/sites/$group/certs/cacert\n";
> > to the top section
> > and
> > $PerlConfig .= "SSLCACertificateFile 
> /home/sites/home/certs/cacert\n"; to
> > the bottom part.
> >
> > 'cacert' is the SECOND certificate that Equifax issues. The 
> virtual site's
> > SSL works fine now with
> > no browser warnings.
> >
> > Equifax has a real deal going on now...their certs are $45 
> until May 15. I
> > got same day delivery yesterday.
> >
> > http://www.equifaxsecure.com/ebusinessid/index.html
> >
> > Tony
> >
> > > -----Original Message-----
> > > From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> > > [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Tony
> > > Sent: Tuesday, April 18, 2000 11:01 AM
> > > To: cobalt-developers@xxxxxxxxxxxxxxx
> > > Cc: Cobalt-Users@List. Cobalt. Com
> > > Subject: RE: [cobalt-developers] SSL For Entire Server
> > >
> > >
> > > Almost the same problem here but working with Equifax certs.
> > > Equifax issues TWO certs, one for the domain and a 
> SSLCACertificateFile.
> > > Seems they use Thawte as their CA...anyway it seems that 
> Cobalt did not
> > > allow for a SSLCA cert path in their rewrite rules
> > > in the httpd.conf section:
> > >
> > >  # Hardcoded, issues with mod_perl and cobalt modules.
> > >         if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
> > >             $ret = ssl_cert_check("/home/sites/$group/certs/");
> > >             if ($ret=~/^2/o) {
> > >                 $PerlConfig .= "Listen $ip:443\n";
> > >                 $PerlConfig .= "<VirtualHost $ip:443>\n";
> > >                 $PerlConfig .= "SSLengine on\n";
> > >                 $PerlConfig .= "SSLCertificateFile
> > > /home/sites/$group/certs/certificate\n";
> > >                 $PerlConfig .= "SSLCertificateKeyFile
> > > /home/sites/$group/certs/key\n";
> > >                 $PerlConfig .= join('', @ssl_conf);
> > >             } elsif 
> (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ )
> {
> > >                 $PerlConfig .= "Listen $ip:443\n";
> > >                 $PerlConfig .= "<VirtualHost $ip:443>\n";
> > >                 $PerlConfig .= "SSLengine on\n";
> > >                 $PerlConfig .= "SSLCertificateFile
> > > /home/sites/home/certs/certificate\n";
> > >                 $PerlConfig .= "SSLCertificateKeyFile
> > > /home/sites/home/certs/key\n";
> > >                 $PerlConfig .= join('', @ssl_conf);
> > >             } else {
> > >                 print STDERR "Site $group has invalid
> > > certificate: $ret\n";
> > >
> > > Deleting the main sites self-signed cert doesnt have any effect. The
> virt
> > > site's cert is successfully installed but when browsing to 
> that site via
> > > https it picks up the main site's self-signed cert.
> > > Can a
> > > 'SSLCACertificateFile conf/ssl.crt/company-ca.crt' directive be
> > > included in
> > > the above code? I think that would
> > > solve the problem.
> > >
> > > Nothing at http://www.modssl.org/docs/2.5/ssl_howto.html seems to
> remotely
> > > match what Cobalt did with SSL.
> > >
> > > Tony
> > >
> >
> >
> > _______________________________________________
> > cobalt-developers mailing list
> > cobalt-developers@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-developers
> 
> 
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>

Follow-Ups:
- Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
  - From: Balázs Nagy
- Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
  - From: Dennis

References:
- Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
  - From: Robert Spurlock

Prev by Date: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
Next by Date: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
Previous by thread: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
Next by thread: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index