
RE: [cobalt-developers] SSL Certs from Equifax



I had to modify this section in the httpd.conf file:
=====================================================================
 # Hardcoded, issues with mod_perl and cobalt modules.
        if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
            $ret = ssl_cert_check("/home/sites/$group/certs/");
            if ($ret=~/^2/o) {
                $PerlConfig .= "Listen $ip:443\n";
                $PerlConfig .= "<VirtualHost $ip:443>\n";
                $PerlConfig .= "SSLengine on\n";
                $PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
                $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
                $PerlConfig .= "SSLCACertificateFile /home/sites/$group/certs/cacert\n";  # ADDED THIS LINE
                $PerlConfig .= join('', @ssl_conf);
            } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
                $PerlConfig .= "Listen $ip:443\n";
                $PerlConfig .= "<VirtualHost $ip:443>\n";
                $PerlConfig .= "SSLengine on\n";
                $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
                $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
                $PerlConfig .= "SSLCACertificateFile /home/sites/home/certs/cacert\n";    # ADDED THIS LINE
                $PerlConfig .= join('', @ssl_conf);
            } else {
                print STDERR "Site $group has invalid certificate: $ret\n";
=====================================================================

The SSLCACertificateFile is the second cert that Equifax sends you. I saved
mine as 'cacert' per Apache's naming scheme.
The Apache SSL on the RaQ needs this as it does not automatically recognize
Equifax. Actually, the Certificate Authority behind Equifax is Thawte. Once
you save the CA cert file, add the two lines above, and make sure you do a
full reboot, you should be set to go.

> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Tarren
> Sent: Monday, May 15, 2000 10:19 AM
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Subject: [cobalt-developers] SSL Certs from Equifax
>
>
> Tony,
>
> Thanks for the tip for cheap SSL Certs at equifax.
> I have now received three pairs of keys; one for the server-admin and two
> for two separate secure sites.
>
> Can you please outline the changes in the httpd.conf file, as having the
> Certs in two parts is confusing me; I don't understand why I've got two
> parts for each site!
>
> I presume it's this bit that needs changing: httpd.conf ->
>
> # Hardcoded, issues with mod_perl and cobalt modules.
>         if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
>             $ret = ssl_cert_check("/home/sites/$group/certs/");
>             if ($ret=~/^2/o) {
>                 $PerlConfig .= "Listen $ip:443\n";
>                 $PerlConfig .= "<VirtualHost $ip:443>\n";
>                 $PerlConfig .= "SSLengine on\n";
>                 $PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
>                 $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
>                 $PerlConfig .= join('', @ssl_conf);
>             } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
>                 $PerlConfig .= "Listen $ip:443\n";
>                 $PerlConfig .= "<VirtualHost $ip:443>\n";
>                 $PerlConfig .= "SSLengine on\n";
>                 $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
>                 $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
>                 $PerlConfig .= join('', @ssl_conf);
>             } else {
>                 print STDERR "Site $group has invalid certificate: $ret\n";
>
> on 4/5/00 3:19 pm, Tony at isplists@xxxxxxxxxxxx wrote:
>
> Regards,
>
> Tarren.
>
> > Well there is a little extra work to do...You need to add an extra line in
> > the http.conf to point to their CA cert. I'm sure Cobalt will get around to
> > patching this. Otherwise it seems to work fine.
> >
> >> -----Original Message-----
> >> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> >> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Tarren
> >> Sent: Thursday, May 04, 2000 3:59 AM
> >> To: cobalt-developers@xxxxxxxxxxxxxxx
> >> Subject: Re: [cobalt-developers] SSL Error when using Site Control Panel
> >>
> >>
> >> on 2/5/00 10:06 pm, Tony at isplists@xxxxxxxxxxxx wrote:
> >>
> >>> For ecommerce reasons you really should consider separate certs:
> >>>
> >>> $45 dollars at http://equifaxsecure.com until May 15. $89
> >>> thereafter. That shouldn't break the bank.
>
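
A pre-restart check for the three files named in the message above, as an added example that is not part of the original thread or of Cobalt's code: it confirms the key belongs to the certificate and that the certificate verifies against the saved CA cert. The helper name check_site_certs is hypothetical, and it assumes the openssl command-line tool is installed and the key has no passphrase.

```shell
#!/bin/sh
# Added example: pre-restart check of one site's cert directory.
# check_site_certs is a hypothetical helper name; the file names
# (certificate, key, cacert) are the ones used in the post above.
# Assumes the openssl CLI is installed and the key has no passphrase.
# Returns 0 = OK, 2 = file missing, 3 = key/cert mismatch,
#         4 = certificate does not chain to cacert.
check_site_certs() {
    dir=$1
    for f in certificate key cacert; do
        if [ ! -r "$dir/$f" ]; then
            echo "missing or unreadable: $dir/$f" >&2
            return 2
        fi
    done

    # The private key must belong to the certificate: both commands
    # print the public key in the same PEM form, so compare the text.
    cert_pub=$(openssl x509 -in "$dir/certificate" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$dir/key" -passin pass: -pubout 2>/dev/null) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key does not match certificate in $dir" >&2
        return 3
    fi

    # The site certificate must verify against the CA cert that
    # SSLCACertificateFile will point at.
    if ! openssl verify -CAfile "$dir/cacert" "$dir/certificate" >/dev/null 2>&1; then
        echo "certificate does not chain to $dir/cacert" >&2
        return 4
    fi
    return 0
}

# Usage: sh check_certs.sh /home/sites/<group>/certs
if [ "$#" -gt 0 ]; then
    check_site_certs "$1"
fi
```

A return code of 4 means the file saved as cacert is not the issuer of the site certificate, which is the case the added SSLCACertificateFile line depends on.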