[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Re: equifaxsecure certs work on RaQ3i?
- Subject: [cobalt-users] Re: equifaxsecure certs work on RaQ3i?
- From: Tarren <tarren@xxxxxxxxxxxx>
- Date: Mon Jul 17 13:14:01 2000
on 17/7/00 7:41 pm, vic@xxxxxxxxxxxxxxx at vic@xxxxxxxxxxxxxxx wrote:
> Do the equifaxsecure certs work on the RaQ3i?
Yes, they work just fine. We are using three of them, one to secure the main
Web-based Admin suite.
Please excuse the long post, but for reference, here are the instructions
for installation of Equifax certificates on a RaQ3(i):
A) If installing a certificate for the "main" site (which automatically
includes the web-based admin suite):
1) shut down the administrative apache server, using (as root):
/etc/rc.d/init.d/admserv stop
2) Copy the contents of "Your_Web_Server_Certificate.txt" into the file:
/home/sites/home/certs/certificate
Be sure to copy the ENTIRE certificate contents from the "-----BEGIN
CERTIFICATE-----" up to and including the "-----END CERTIFICATE-----" lines.
3) Copy the contents of "Equifax_Secure_eBusiness_CA.txt" into the file:
/home/sites/home/certs/ca
Be sure to copy the ENTIRE certificate contents from the "-----BEGIN
CERTIFICATE-----" up to and including the "-----END CERTIFICATE-----" lines.
4) Edit the file:
/etc/admserv/conf/ssl.conf
making sure the bottom of the file reads:
# Server Certificate:
SSLCertificateFile /home/sites/home/certs/certificate
SSLCertificateKeyFile /home/sites/home/certs/key
SSLCACertificateFile /home/sites/home/certs/ca
5) Restart the administrative apache server, using:
/etc/rc.d/init.d/admserv start
B) If installing a certificate for a virtual site (eg. site1):
1) shut down the main apache server, using (as root):
/etc/rc.d/init.d/httpd stop
2) Copy the contents of "Your_Web_Server_Certificate.txt" into the file:
/home/sites/site1/certs/certificate [replace site1 as appropriate]
Be sure to copy the ENTIRE certificate contents from the "-----BEGIN
CERTIFICATE-----" up to and including the "-----END CERTIFICATE-----" lines.
3) Copy the contents of "Equifax_Secure_eBusiness_CA.txt" into the file:
/home/sites/site1/certs/ca [replace site1 as appropriate]
Be sure to copy the ENTIRE certificate contents from the "-----BEGIN
CERTIFICATE-----" up to and including the "-----END CERTIFICATE-----" lines.
4) Edit the file:
/etc/httpd/conf/httpd.conf
making sure the appropriate part of the file reads:
# Hardcoded, issues with mod_perl and cobalt modules.
if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
$ret = ssl_cert_check("/home/sites/$group/certs/");
if ($ret=~/^2/o) {
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
$PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
$PerlConfig .= "SSLCACertificateFile /home/sites/$group/certs/ca\n";
$PerlConfig .= join('', @ssl_conf);
} elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
$PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
$PerlConfig .= "SSLCACertificateFile /home/sites/home/certs/ca\n";
$PerlConfig .= join('', @ssl_conf);
} else {
print STDERR "Site $group has invalid certificate: $ret\n";
5) Restart the main apache server, using:
/etc/rc.d/init.d/httpd start
Note: If installing more than one certificate on a single RaQ3(i), each
relevant site must be on its own IP address.
Regards,
Tarren.