[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.

Subject: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
From: "Tony" <isplists@xxxxxxxxxxxx>
Date: Tue Apr 18 17:16:06 2000

Blake,

Before doing any of that, install the 128-bit SSL upgrade.
If you already have try rebooting. Make sure you close your browser and
reopen when testing.

Tony

> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of
> BlakeWebster
> Sent: Tuesday, April 18, 2000 7:01 PM
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
>
>
> Hello:
> Will this coding work with the Thawte certificate?
> With Thawte there is no cacert directory.
>
> Thanks.
> Blake Webster
>
>
>
>
>
> At 12:04 PM 4/18/00 -0500, you wrote:
> >Upgraded the Raq3i SSL to 128 with the 1.0 update pkg.
> >
> >In httpd.conf: (in the '# Hardcoded, issues with mod_perl and
> cobalt modules
> >section')
> >
> >Add $PerlConfig .= "SSLCACertificateFile
> /home/sites/$group/certs/cacert\n";
> >to the top section
> >and
> >$PerlConfig .= "SSLCACertificateFile /home/sites/home/certs/cacert\n"; to
> >the bottom part.
> >
> >'cacert' is the SECOND certificate that Equifax issues. The
> virtual site's
> >SSL works fine now with
> >no browser warnings.
> >
> >Equifax has a real deal going on now...their certs are $45 until
> May 15. I
> >got same day delivery yesterday.
> >
> >http://www.equifaxsecure.com/ebusinessid/index.html
> >
> >Tony
> >
> >> -----Original Message-----
> >> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> >> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Tony
> >> Sent: Tuesday, April 18, 2000 11:01 AM
> >> To: cobalt-developers@xxxxxxxxxxxxxxx
> >> Cc: Cobalt-Users@List. Cobalt. Com
> >> Subject: RE: [cobalt-developers] SSL For Entire Server
> >>
> >>
> >> Almost the same problem here but working with Equifax certs.
> >> Equifax issues TWO certs, one for the domain and a
> SSLCACertificateFile.
> >> Seems they use Thawte as their CA...anyway it seems that Cobalt did not
> >> allow for a SSLCA cert path in their rewrite rules
> >> in the httpd.conf section:
> >>
> >>  # Hardcoded, issues with mod_perl and cobalt modules.
> >>         if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
> >>             $ret = ssl_cert_check("/home/sites/$group/certs/");
> >>             if ($ret=~/^2/o) {
> >>                 $PerlConfig .= "Listen $ip:443\n";
> >>                 $PerlConfig .= "<VirtualHost $ip:443>\n";
> >>                 $PerlConfig .= "SSLengine on\n";
> >>                 $PerlConfig .= "SSLCertificateFile
> >> /home/sites/$group/certs/certificate\n";
> >>                 $PerlConfig .= "SSLCertificateKeyFile
> >> /home/sites/$group/certs/key\n";
> >>                 $PerlConfig .= join('', @ssl_conf);
> >>             } elsif (ssl_cert_check("/home/sites/home/certs/")
> =~ /^2/ ) {
> >>                 $PerlConfig .= "Listen $ip:443\n";
> >>                 $PerlConfig .= "<VirtualHost $ip:443>\n";
> >>                 $PerlConfig .= "SSLengine on\n";
> >>                 $PerlConfig .= "SSLCertificateFile
> >> /home/sites/home/certs/certificate\n";
> >>                 $PerlConfig .= "SSLCertificateKeyFile
> >> /home/sites/home/certs/key\n";
> >>                 $PerlConfig .= join('', @ssl_conf);
> >>             } else {
> >>                 print STDERR "Site $group has invalid
> >> certificate: $ret\n";
> >>
> >> Deleting the main sites self-signed cert doesnt have any
> effect. The virt
> >> site's cert is successfully installed but when browsing to
> that site via
> >> https it picks up the main site's self-signed cert.
> >> Can a
> >> 'SSLCACertificateFile conf/ssl.crt/company-ca.crt' directive be
> >> included in
> >> the above code? I think that would
> >> solve the problem.
> >>
> >> Nothing at http://www.modssl.org/docs/2.5/ssl_howto.html seems
> to remotely
> >> match what Cobalt did with SSL.
> >>
> >> Tony
> >>
> >
> >
> >_______________________________________________
> >cobalt-developers mailing list
>
> >cobalt-developers@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-developers
> >
> ********************************************
> Media Design Services
> P.O. Box 3153
> Santa Rosa, CA 95402
> Phone: 707-575-1640
> Fax:     707-578-3171
>  www.mediadesign-mds.com
>
> WebcamSearch.com
>  www.webcamsearch.com
>
> Northern California Tennis Connection
>  www.norcaltennis.com
> *********************************************
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>

Follow-Ups:
- RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
  - From: BlakeWebster

References:
- Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
  - From: BlakeWebster

Prev by Date: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
Next by Date: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
Previous by thread: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
Next by thread: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index