[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
- Subject: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
- From: BlakeWebster <blake@xxxxxxxxxxxxxxxxxxx>
- Date: Tue Apr 18 19:09:58 2000
Hey Tony:
Before doing anything I rebooted the server and everything works fine.
Thanks for the suggestion.
Blake
At 05:31 PM 4/18/00 -0700, you wrote:
>Hello:
>Where do I get the 128-bit upgrade?
>At the Cobalt Knowledge Base?
>
>Thanks for your help Tony.
>Blake
>
>
>
>
>
>
>At 07:15 PM 4/18/00 -0500, you wrote:
>>Blake,
>>
>>Before doing any of that, install the 128-bit SSL upgrade.
>>If you already have try rebooting. Make sure you close your browser and
>>reopen when testing.
>>
>>Tony
>>
>>> -----Original Message-----
>>> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
>>> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of
>>> BlakeWebster
>>> Sent: Tuesday, April 18, 2000 7:01 PM
>>> To: cobalt-developers@xxxxxxxxxxxxxxx
>>> Subject: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
>>>
>>>
>>> Hello:
>>> Will this coding work with the Thawte certificate?
>>> With Thawte there is no cacert directory.
>>>
>>> Thanks.
>>> Blake Webster
>>>
>>>
>>>
>>>
>>>
>>> At 12:04 PM 4/18/00 -0500, you wrote:
>>> >Upgraded the Raq3i SSL to 128 with the 1.0 update pkg.
>>> >
>>> >In httpd.conf: (in the '# Hardcoded, issues with mod_perl and
>>> cobalt modules
>>> >section')
>>> >
>>> >Add $PerlConfig .= "SSLCACertificateFile
>>> /home/sites/$group/certs/cacert\n";
>>> >to the top section
>>> >and
>>> >$PerlConfig .= "SSLCACertificateFile /home/sites/home/certs/cacert\n"; to
>>> >the bottom part.
>>> >
>>> >'cacert' is the SECOND certificate that Equifax issues. The
>>> virtual site's
>>> >SSL works fine now with
>>> >no browser warnings.
>>> >
>>> >Equifax has a real deal going on now...their certs are $45 until
>>> May 15. I
>>> >got same day delivery yesterday.
>>> >
>>> >http://www.equifaxsecure.com/ebusinessid/index.html
>>> >
>>> >Tony
>>> >
>>> >> -----Original Message-----
>>> >> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
>>> >> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Tony
>>> >> Sent: Tuesday, April 18, 2000 11:01 AM
>>> >> To: cobalt-developers@xxxxxxxxxxxxxxx
>>> >> Cc: Cobalt-Users@List. Cobalt. Com
>>> >> Subject: RE: [cobalt-developers] SSL For Entire Server
>>> >>
>>> >>
>>> >> Almost the same problem here but working with Equifax certs.
>>> >> Equifax issues TWO certs, one for the domain and a
>>> SSLCACertificateFile.
>>> >> Seems they use Thawte as their CA...anyway it seems that Cobalt did not
>>> >> allow for a SSLCA cert path in their rewrite rules
>>> >> in the httpd.conf section:
>>> >>
>>> >> # Hardcoded, issues with mod_perl and cobalt modules.
>>> >> if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
>>> >> $ret = ssl_cert_check("/home/sites/$group/certs/");
>>> >> if ($ret=~/^2/o) {
>>> >> $PerlConfig .= "Listen $ip:443\n";
>>> >> $PerlConfig .= "<VirtualHost $ip:443>\n";
>>> >> $PerlConfig .= "SSLengine on\n";
>>> >> $PerlConfig .= "SSLCertificateFile
>>> >> /home/sites/$group/certs/certificate\n";
>>> >> $PerlConfig .= "SSLCertificateKeyFile
>>> >> /home/sites/$group/certs/key\n";
>>> >> $PerlConfig .= join('', @ssl_conf);
>>> >> } elsif (ssl_cert_check("/home/sites/home/certs/")
>>> =~ /^2/ ) {
>>> >> $PerlConfig .= "Listen $ip:443\n";
>>> >> $PerlConfig .= "<VirtualHost $ip:443>\n";
>>> >> $PerlConfig .= "SSLengine on\n";
>>> >> $PerlConfig .= "SSLCertificateFile
>>> >> /home/sites/home/certs/certificate\n";
>
>>> >> $PerlConfig .= "SSLCertificateKeyFile
>>> >> /home/sites/home/certs/key\n";
>>> >> $PerlConfig .= join('', @ssl_conf);
>>> >> } else {
>>> >> print STDERR "Site $group has invalid
>>> >> certificate: $ret\n";
>>> >>
>>> >> Deleting the main sites self-signed cert doesnt have any
>>> effect. The virt
>>> >> site's cert is successfully installed but when browsing to
>>> that site via
>>> >> https it picks up the main site's self-signed cert.
>>> >> Can a
>>> >> 'SSLCACertificateFile conf/ssl.crt/company-ca.crt' directive be
>>> >> included in
>>> >> the above code? I think that would
>>> >> solve the problem.
>>> >>
>>> >> Nothing at http://www.modssl.org/docs/2.5/ssl_howto.html seems
>>> to remotely
>>> >> match what Cobalt did with SSL.
>>> >>
>>> >> Tony
>>> >>
>>> >
>>> >
>>> >_______________________________________________
>>> >cobalt-developers mailing list
>>>
>>> >cobalt-developers@xxxxxxxxxxxxxxx
>>> >http://list.cobalt.com/mailman/listinfo/cobalt-developers
>>> >
>>> ********************************************
>>> Media Design Services
>>> P.O. Box 3153
>>> Santa Rosa, CA 95402
>>> Phone: 707-575-1640
>>> Fax: 707-578-3171
>>> www.mediadesign-mds.com
>>>
>>> WebcamSearch.com
>>> www.webcamsearch.com
>>>
>>> Northern California Tennis Connection
>>> www.norcaltennis.com
>>> *********************************************
>>>
>>> _______________________________________________
>>> cobalt-developers mailing list
>>> cobalt-developers@xxxxxxxxxxxxxxx
>>> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>>>
>>
>>
>>_______________________________________________
>>cobalt-developers mailing list
>>cobalt-developers@xxxxxxxxxxxxxxx
>>http://list.cobalt.com/mailman/listinfo/cobalt-developers
>>
>********************************************
>Media Design Services
>P.O. Box 3153
>Santa Rosa, CA 95402
>Phone: 707-575-1640
>Fax: 707-578-3171
> www.mediadesign-mds.com
>
>WebcamSearch.com
> www.webcamsearch.com
>
>Northern California Tennis Connection
> www.norcaltennis.com
>*********************************************
>
>_______________________________________________
>cobalt-developers mailing list
>cobalt-developers@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-developers
>
********************************************
Media Design Services
P.O. Box 3153
Santa Rosa, CA 95402
Phone: 707-575-1640
Fax: 707-578-3171
www.mediadesign-mds.com
WebcamSearch.com
www.webcamsearch.com
Northern California Tennis Connection
www.norcaltennis.com
*********************************************