[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.

Subject: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
From: Dennis <dkc@xxxxxxxxxxxxx>
Date: Tue Apr 18 20:12:13 2000

Tony-

Nevermind. Just can't copy it out of the browser (At least for me).

    -Dennis

Tony wrote:

> Not sure. Only tried it on the Raq3i.
> See http://www.equifaxsecure.com/ebusinessid/instructions.html
> > -----Original Message-----
> > From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Robert
> > Spurlock
> > Sent: Tuesday, April 18, 2000 12:36 PM
> > To: cobalt-developers@xxxxxxxxxxxxxxx
> > Subject: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
> >
> >
> > Does this Cert work on the Raq2?
> >
> >
> > ----- Original Message -----
> > From: "Tony" <isplists@xxxxxxxxxxxx>
> > To: <cobalt-developers@xxxxxxxxxxxxxxx>
> > Cc: "Cobalt-Users@List. Cobalt. Com" <cobalt-users@xxxxxxxxxxxxxxx>
> > Sent: Tuesday, April 18, 2000 1:04 PM
> > Subject: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
> >
> >
> > > Upgraded the Raq3i SSL to 128 with the 1.0 update pkg.
> > >
> > > In httpd.conf: (in the '# Hardcoded, issues with mod_perl and cobalt
> > modules
> > > section')
> > >
> > > Add $PerlConfig .= "SSLCACertificateFile
> > /home/sites/$group/certs/cacert\n";
> > > to the top section
> > > and
> > > $PerlConfig .= "SSLCACertificateFile
> > /home/sites/home/certs/cacert\n"; to
> > > the bottom part.
> > >
> > > 'cacert' is the SECOND certificate that Equifax issues. The
> > virtual site's
> > > SSL works fine now with
> > > no browser warnings.
> > >
> > > Equifax has a real deal going on now...their certs are $45
> > until May 15. I
> > > got same day delivery yesterday.
> > >
> > > http://www.equifaxsecure.com/ebusinessid/index.html
> > >
> > > Tony
> > >
> > > > -----Original Message-----
> > > > From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> > > > [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Tony
> > > > Sent: Tuesday, April 18, 2000 11:01 AM
> > > > To: cobalt-developers@xxxxxxxxxxxxxxx
> > > > Cc: Cobalt-Users@List. Cobalt. Com
> > > > Subject: RE: [cobalt-developers] SSL For Entire Server
> > > >
> > > >
> > > > Almost the same problem here but working with Equifax certs.
> > > > Equifax issues TWO certs, one for the domain and a
> > SSLCACertificateFile.
> > > > Seems they use Thawte as their CA...anyway it seems that
> > Cobalt did not
> > > > allow for a SSLCA cert path in their rewrite rules
> > > > in the httpd.conf section:
> > > >
> > > >  # Hardcoded, issues with mod_perl and cobalt modules.
> > > >         if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
> > > >             $ret = ssl_cert_check("/home/sites/$group/certs/");
> > > >             if ($ret=~/^2/o) {
> > > >                 $PerlConfig .= "Listen $ip:443\n";
> > > >                 $PerlConfig .= "<VirtualHost $ip:443>\n";
> > > >                 $PerlConfig .= "SSLengine on\n";
> > > >                 $PerlConfig .= "SSLCertificateFile
> > > > /home/sites/$group/certs/certificate\n";
> > > >                 $PerlConfig .= "SSLCertificateKeyFile
> > > > /home/sites/$group/certs/key\n";
> > > >                 $PerlConfig .= join('', @ssl_conf);
> > > >             } elsif
> > (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ )
> > {
> > > >                 $PerlConfig .= "Listen $ip:443\n";
> > > >                 $PerlConfig .= "<VirtualHost $ip:443>\n";
> > > >                 $PerlConfig .= "SSLengine on\n";
> > > >                 $PerlConfig .= "SSLCertificateFile
> > > > /home/sites/home/certs/certificate\n";
> > > >                 $PerlConfig .= "SSLCertificateKeyFile
> > > > /home/sites/home/certs/key\n";
> > > >                 $PerlConfig .= join('', @ssl_conf);
> > > >             } else {
> > > >                 print STDERR "Site $group has invalid
> > > > certificate: $ret\n";
> > > >
> > > > Deleting the main sites self-signed cert doesnt have any effect. The
> > virt
> > > > site's cert is successfully installed but when browsing to
> > that site via
> > > > https it picks up the main site's self-signed cert.
> > > > Can a
> > > > 'SSLCACertificateFile conf/ssl.crt/company-ca.crt' directive be
> > > > included in
> > > > the above code? I think that would
> > > > solve the problem.
> > > >
> > > > Nothing at http://www.modssl.org/docs/2.5/ssl_howto.html seems to
> > remotely
> > > > match what Cobalt did with SSL.
> > > >
> > > > Tony
> > > >
> > >
> > >
> > > _______________________________________________
> > > cobalt-developers mailing list
> > > cobalt-developers@xxxxxxxxxxxxxxx
> > > http://list.cobalt.com/mailman/listinfo/cobalt-developers
> >
> >
> > _______________________________________________
> > cobalt-developers mailing list
> > cobalt-developers@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-developers
> >
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers

Follow-Ups:
- RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
  - From: Tony

References:
- RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
  - From: Tony

Prev by Date: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
Next by Date: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
Previous by thread: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
Next by thread: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index