[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-developers] Certificate Question on Raq4 the Fix

Subject: RE: [cobalt-developers] Certificate Question on Raq4 the Fix
From: "Kevin M Carolan" <kevinc@xxxxxxxxxxxxxxxx>
Date: Fri Feb 8 12:48:18 2002
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

Make sure you edit your trusted.txt to include the key for geotrust

Kevin

-----Original Message-----
From: cobalt-developers-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Gavin
Nelmes-Crocker
Sent: Friday, February 08, 2002 11:04 AM
To: Cobalt-Developers@List. Cobalt. Com
Subject: [cobalt-developers] Certificate Question on Raq4 the Fix

> > William Moore wrote:
> >
> > > I just bought a 128bit certificate from Geotrust ( formerly equifax )
> > > the thing installed fine, no problems  but when you go to the
> > site that is
> > > protected
> > > by it,  a popup comes up telling you the cert is self signed
> ??  Also no
> > > where on the cert does it tell you that it is by geortrust
> > >
> > > is this a problem with the cert I bought or did I do something wrong ?

I did an update for this whilst I was still at Cobalt but it didn't get
through to being released for some reason, anyway I have now updated it and
released it through www.CobaltWorld.com under pkgfactory downloads RaQ4
Basically it now includes the certificate bundle from IE6 found on the
openssl site (like it or not a large proportion of web users use IE in some
form and they probably have the most complete CA bundle) the pkg copies and
installs the bundle and then removes a # from httpd.conf - every step is
backed up and the uninstall in /var/lib/cobalt/uninstallers works cleanly.

I am fairly sure this will solve the Geotrust cert problem as well as
Entrust, Equifax and many others, Cobalt by default only accepts Thawte and
Verisign.

If you want to do this manually then follow the steps below

Copy a ca-bundle.crt file or the server cert supplied by your Authority to
/etc/http/conf and name it as ca-bundle

Edit httpd.conf and find #SSL uncomment and save

Restart httpd with /etc/rc.d/init.d/httpd restart or /etc/rc.d/init.d/httpd
reload which is cleaner to users I'm told but I'm not sure if it is enough
for this process.

Now you can enter your site certificate in the UI as normal and it should
get recognized if any one finds certs that don't using this method or my pkg
then please mail me at developers@xxxxxxxxxxxxxxx and I will look into it
further.

This has not been tested on a RaQ3 I need to build a box up later to check,
I believe it is similar but I don't think it is the same.  If anyone has a
new XTR and can do a quick search in httpd.conf for #SSL and let me know I
will do a pkg for them as well.

Hope this helps

Gavin

_______________________________________________
cobalt-developers mailing list
cobalt-developers@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-developers

References:
- [cobalt-developers] Certificate Question on Raq4 the Fix
  - From: Gavin Nelmes-Crocker

Prev by Date: Re: [cobalt-developers] Accessing the console port
Next by Date: [cobalt-developers] Kernel-2.4 Packages
Previous by thread: [cobalt-developers] Certificate Question on Raq4 the Fix
Next by thread: Re: [cobalt-developers] Certificate Question on Raq4 the Fix

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index