[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.

Subject: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
From: "Tony" <isplists@xxxxxxxxxxxx>
Date: Tue Apr 18 20:49:17 2000
That's a stupid Cobalt trick...works everytime. I'm beginning to 
think Cobalt might have some ex-Windows programmers on staff. =)

> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of
> BlakeWebster
> Sent: Tuesday, April 18, 2000 8:50 PM
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
> 
> 
> Hey Tony:
> Before doing anything I rebooted the server and everything works fine.
> Thanks for the suggestion.
> 
> Blake
> 
> 
> 
> 
> At 05:31 PM 4/18/00 -0700, you wrote:
> >Hello:
> >Where do I get the 128-bit upgrade?
> >At the Cobalt Knowledge Base?
> >
> >Thanks for your help Tony.
> >Blake
> >
> >
> >
> >
> >
> >
> >At 07:15 PM 4/18/00 -0500, you wrote:
> >>Blake,
> >>
> >>Before doing any of that, install the 128-bit SSL upgrade.
> >>If you already have try rebooting. Make sure you close your browser and
> >>reopen when testing.
> >>
> >>Tony
> >>
> >>> -----Original Message-----
> >>> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> >>> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of
> >>> BlakeWebster
> >>> Sent: Tuesday, April 18, 2000 7:01 PM
> >>> To: cobalt-developers@xxxxxxxxxxxxxxx
> >>> Subject: Re: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
> >>>
> >>>
> >>> Hello:
> >>> Will this coding work with the Thawte certificate?
> >>> With Thawte there is no cacert directory.
> >>>
> >>> Thanks.
> >>> Blake Webster
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> At 12:04 PM 4/18/00 -0500, you wrote:
> >>> >Upgraded the Raq3i SSL to 128 with the 1.0 update pkg.
> >>> >
> >>> >In httpd.conf: (in the '# Hardcoded, issues with mod_perl and
> >>> cobalt modules
> >>> >section')
> >>> >
> >>> >Add $PerlConfig .= "SSLCACertificateFile
> >>> /home/sites/$group/certs/cacert\n";
> >>> >to the top section
> >>> >and
> >>> >$PerlConfig .= "SSLCACertificateFile 
> /home/sites/home/certs/cacert\n"; to
> >>> >the bottom part.
> >>> >
> >>> >'cacert' is the SECOND certificate that Equifax issues. The
> >>> virtual site's
> >>> >SSL works fine now with
> >>> >no browser warnings.
> >>> >
> >>> >Equifax has a real deal going on now...their certs are $45 until
> >>> May 15. I
> >>> >got same day delivery yesterday.
> >>> >
> >>> >http://www.equifaxsecure.com/ebusinessid/index.html
> >>> >
> >>> >Tony
> >>> >
> >>> >> -----Original Message-----
> >>> >> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> >>> >> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Tony
> >>> >> Sent: Tuesday, April 18, 2000 11:01 AM
> >>> >> To: cobalt-developers@xxxxxxxxxxxxxxx
> >>> >> Cc: Cobalt-Users@List. Cobalt. Com
> >>> >> Subject: RE: [cobalt-developers] SSL For Entire Server
> >>> >>
> >>> >>
> >>> >> Almost the same problem here but working with Equifax certs.
> >>> >> Equifax issues TWO certs, one for the domain and a
> >>> SSLCACertificateFile.
> >>> >> Seems they use Thawte as their CA...anyway it seems that 
> Cobalt did not
> >>> >> allow for a SSLCA cert path in their rewrite rules
> >>> >> in the httpd.conf section:
> >>> >>
> >>> >>  # Hardcoded, issues with mod_perl and cobalt modules.
> >>> >>         if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
> >>> >>             $ret = ssl_cert_check("/home/sites/$group/certs/");
> >>> >>             if ($ret=~/^2/o) {
> >>> >>                 $PerlConfig .= "Listen $ip:443\n";
> >>> >>                 $PerlConfig .= "<VirtualHost $ip:443>\n";
> >>> >>                 $PerlConfig .= "SSLengine on\n";
> >>> >>                 $PerlConfig .= "SSLCertificateFile
> >>> >> /home/sites/$group/certs/certificate\n";
> >>> >>                 $PerlConfig .= "SSLCertificateKeyFile
> >>> >> /home/sites/$group/certs/key\n";
> >>> >>                 $PerlConfig .= join('', @ssl_conf);
> >>> >>             } elsif (ssl_cert_check("/home/sites/home/certs/")
> >>> =~ /^2/ ) {
> 
> >>> >>                 $PerlConfig .= "Listen $ip:443\n";
> >>> >>                 $PerlConfig .= "<VirtualHost $ip:443>\n";
> >>> >>                 $PerlConfig .= "SSLengine on\n";
> >>> >>                 $PerlConfig .= "SSLCertificateFile
> >>> >> /home/sites/home/certs/certificate\n";
> >
> >>> >>                 $PerlConfig .= "SSLCertificateKeyFile
> >>> >> /home/sites/home/certs/key\n";
> >>> >>                 $PerlConfig .= join('', @ssl_conf);
> >>> >>             } else {
> >>> >>                 print STDERR "Site $group has invalid
> >>> >> certificate: $ret\n";
> >>> >>
> >>> >> Deleting the main sites self-signed cert doesnt have any
> >>> effect. The virt
> >>> >> site's cert is successfully installed but when browsing to
> >>> that site via
> >>> >> https it picks up the main site's self-signed cert.
> >>> >> Can a
> >>> >> 'SSLCACertificateFile conf/ssl.crt/company-ca.crt' directive be
> >>> >> included in
> >>> >> the above code? I think that would
> >>> >> solve the problem.
> >>> >>
> >>> >> Nothing at http://www.modssl.org/docs/2.5/ssl_howto.html seems
> >>> to remotely
> >>> >> match what Cobalt did with SSL.
> >>> >>
> >>> >> Tony
> >>> >>
> >>> >
> >>> >
> >>> >_______________________________________________
> >>> >cobalt-developers mailing list
> >>>
> >>> >cobalt-developers@xxxxxxxxxxxxxxx
> >>> >http://list.cobalt.com/mailman/listinfo/cobalt-developers
> >>> >
> >>> ********************************************
> >>> Media Design Services
> >>> P.O. Box 3153
> >>> Santa Rosa, CA 95402
> >>> Phone: 707-575-1640
> >>> Fax:     707-578-3171
> >>>  www.mediadesign-mds.com
> >>>
> >>> WebcamSearch.com
> >>>  www.webcamsearch.com
> >>>
> >>> Northern California Tennis Connection
> >>>  www.norcaltennis.com
> >>> *********************************************
> >>>
> >>> _______________________________________________
> >>> cobalt-developers mailing list
> >>> cobalt-developers@xxxxxxxxxxxxxxx
> >>> http://list.cobalt.com/mailman/listinfo/cobalt-developers
> >>>
> >>
> >>
> >>_______________________________________________
> >>cobalt-developers mailing list
> >>cobalt-developers@xxxxxxxxxxxxxxx
> >>http://list.cobalt.com/mailman/listinfo/cobalt-developers
> >> 
> >********************************************
> >Media Design Services
> >P.O. Box 3153
> >Santa Rosa, CA 95402
> >Phone: 707-575-1640
> >Fax:     707-578-3171
> > www.mediadesign-mds.com 
> >
> >WebcamSearch.com
> > www.webcamsearch.com 
> >
> >Northern California Tennis Connection
> > www.norcaltennis.com 
> >********************************************* 
> >
> >_______________________________________________
> >cobalt-developers mailing list
> >cobalt-developers@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-developers
> > 
> ********************************************
> Media Design Services
> P.O. Box 3153
> Santa Rosa, CA 95402
> Phone: 707-575-1640
> Fax:     707-578-3171
>  www.mediadesign-mds.com 
> 
> WebcamSearch.com
>  www.webcamsearch.com 
> 
> Northern California Tennis Connection
>  www.norcaltennis.com 
> ********************************************* 
> 
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>
References:
- RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
  - From: BlakeWebster
Prev by Date: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
Next by Date: [cobalt-developers] Compiling pcmcia-package in Cube2
Previous by thread: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
Next by thread: RE: [cobalt-developers] RE: SSL For Entire Server: SOLVED.
Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index