[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
- Subject: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
- From: BlakeWebster <blake@xxxxxxxxxxxxxxxxxxx>
- Date: Tue Apr 18 17:11:07 2000
Hello:
Will this coding work with the Thawte certificate?
With Thawte there is no cacert directory.
Thanks.
Blake Webster
At 12:04 PM 4/18/00 -0500, you wrote:
>Upgraded the Raq3i SSL to 128 with the 1.0 update pkg.
>
>In httpd.conf: (in the '# Hardcoded, issues with mod_perl and cobalt modules
>section')
>
>Add $PerlConfig .= "SSLCACertificateFile /home/sites/$group/certs/cacert\n";
>to the top section
>and
>$PerlConfig .= "SSLCACertificateFile /home/sites/home/certs/cacert\n"; to
>the bottom part.
>
>'cacert' is the SECOND certificate that Equifax issues. The virtual site's
>SSL works fine now with
>no browser warnings.
>
>Equifax has a real deal going on now...their certs are $45 until May 15. I
>got same day delivery yesterday.
>
>http://www.equifaxsecure.com/ebusinessid/index.html
>
>Tony
>
>> -----Original Message-----
>> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
>> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Tony
>> Sent: Tuesday, April 18, 2000 11:01 AM
>> To: cobalt-developers@xxxxxxxxxxxxxxx
>> Cc: Cobalt-Users@List. Cobalt. Com
>> Subject: RE: [cobalt-developers] SSL For Entire Server
>>
>>
>> Almost the same problem here but working with Equifax certs.
>> Equifax issues TWO certs, one for the domain and a SSLCACertificateFile.
>> Seems they use Thawte as their CA...anyway it seems that Cobalt did not
>> allow for a SSLCA cert path in their rewrite rules
>> in the httpd.conf section:
>>
>> # Hardcoded, issues with mod_perl and cobalt modules.
>> if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
>> $ret = ssl_cert_check("/home/sites/$group/certs/");
>> if ($ret=~/^2/o) {
>> $PerlConfig .= "Listen $ip:443\n";
>> $PerlConfig .= "<VirtualHost $ip:443>\n";
>> $PerlConfig .= "SSLengine on\n";
>> $PerlConfig .= "SSLCertificateFile
>> /home/sites/$group/certs/certificate\n";
>> $PerlConfig .= "SSLCertificateKeyFile
>> /home/sites/$group/certs/key\n";
>> $PerlConfig .= join('', @ssl_conf);
>> } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
>> $PerlConfig .= "Listen $ip:443\n";
>> $PerlConfig .= "<VirtualHost $ip:443>\n";
>> $PerlConfig .= "SSLengine on\n";
>> $PerlConfig .= "SSLCertificateFile
>> /home/sites/home/certs/certificate\n";
>> $PerlConfig .= "SSLCertificateKeyFile
>> /home/sites/home/certs/key\n";
>> $PerlConfig .= join('', @ssl_conf);
>> } else {
>> print STDERR "Site $group has invalid
>> certificate: $ret\n";
>>
>> Deleting the main sites self-signed cert doesnt have any effect. The virt
>> site's cert is successfully installed but when browsing to that site via
>> https it picks up the main site's self-signed cert.
>> Can a
>> 'SSLCACertificateFile conf/ssl.crt/company-ca.crt' directive be
>> included in
>> the above code? I think that would
>> solve the problem.
>>
>> Nothing at http://www.modssl.org/docs/2.5/ssl_howto.html seems to remotely
>> match what Cobalt did with SSL.
>>
>> Tony
>>
>
>
>_______________________________________________
>cobalt-developers mailing list
>cobalt-developers@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-developers
>
********************************************
Media Design Services
P.O. Box 3153
Santa Rosa, CA 95402
Phone: 707-575-1640
Fax: 707-578-3171
www.mediadesign-mds.com
WebcamSearch.com
www.webcamsearch.com
Northern California Tennis Connection
www.norcaltennis.com
*********************************************