[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Equifax Instructions

Subject: [cobalt-users] Equifax Instructions
From: Michael Wass <michael@xxxxxxxx>
Date: Thu Aug 3 03:42:21 2000

G'day folks ...

Come to think of it, the file's not that intensive. Here ya go!

Cobalt Instructions

           Contents

   I.  Generate a Certificate Signing Request (CSR)
  II.  Installing a Certificate for the "Main" Site
       (Includes web-based admin suite)
 III.  Installing a Certificate for a "Virtual" Site

==== I.  Generate a Certificate Signing Request (CSR) ==============

1.  Enable SSL

    (reference Cobalt Instructions)
    http://www.cobalt.com/support/pdf/raq3manual.pdf

2.  Generate a "self-signed" certificate

    (reference Cobalt Instructions)
    http://www.cobalt.com/support/pdf/raq3manual.pdf

3.  Enter Distinguished Name Information.  Make sure your Common Name
    is the "www.xxx.com" address presented to your users.

4.  The "Certificate Request" portion will be sent to Equifax Secure
    to generate your server certificate.

5.  Back-up the "Certificate Request" and the "Certificate"

    /home/sites/home/certs/certificate
    /home/sites/home/certs/request


==== II.  Installing a Certificate for the "Main" Site ==============


1.  As root, shutdown the administrative Apache server

    cd /etc/rc.d/init.d
    ./admserv stop

2.  Save the Server Certificate sent to you by Equifax Secure as
    "certificate" (Back-up or write over self signed certificate)
    Be sure to inclued ---BEGIN CERTIFICATE--- and
    ---END CERTIFICATE---

    /home/sites/home/certs/certificate

3.  Save the Equifax Secure eBusiness CA-2 certificate as "equifaxca2"
    or "ca" Be sure to include ---BEGIN CERTIFICATE--- and
    ---END CERTIFICATE---

    /home/sites/home/certs/equifaxca2

4.  Edit the ssl.conf file

    /etc/admserv/conf/ssl.conf

    - Add or edit the following lines to read:

      SSLCertificateFile /home/sites/home/certs/certificate
      SSLCertificateKeyFile /home/sites/home/certs/key
      SSLCACertificateFile /home/sites/home/certs/equifaxca2

5.  Restart the administrative apache server

    cd /etc/rc.d/init.d
    ./adminserv start


==== III.  Installing a Certificate for a "Virtual" Site ============


1.  Shut down the main Apache server (logon as root)

    cd /etc/rc.d/init.d
    ./httpd stop

2.  Save the Server Certificate sent to you by Equifax Secure as
    "certificate" (Back-up or write over self signed certificate)
    Be sure to inclued ---BEGIN CERTIFICATE--- and
    ---END CERTIFICATE---

    /home/sites/home/certs/certificate

3.  Save the Equifax Secure eBusiness CA-2 certificate as "equifaxca2"
    or "ca" Be sure to inclued ---BEGIN CERTIFICATE--- and
    ---END CERTIFICATE---

    /home/sites/home/certs/equifaxca2

4.  Edit httpd.conf

    cd /etc/httpd/conf
    vi httpd.conf

    - Find the following section:

        # Hardcoded, issues with mod_perl and cobalt modules.
        if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
            $ret = ssl_cert_check("/home/sites/$group/certs/");
            if ($ret=~/^2/o) {
                $PerlConfig .= "Listen $ip:443\n";
                $PerlConfig .= "<VirtualHost $ip:443>\n";
                $PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
$PerlConfig .= "SSLCACertificateFile /home/sites/$group/certs/equifaxca2\n";
                $PerlConfig .= join('', @ssl_conf);
            } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
                $PerlConfig .= "Listen $ip:443\n";
                $PerlConfig .= "<VirtualHost $ip:443>\n";
                $PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
$PerlConfig .= "SSLCACertificateFile /home/sites/home/certs/equifaxca2\n";
                $PerlConfig .= join('', @ssl_conf);
            } else {
                print STDERR "Site $group has invalid certificate: $ret\n";

* If you followed the default instructions provided, this section of
  the httpd.conf file should look as it does above

- Ensure that the "SSLCertificateFile" directives are using thecorrect path and

      file name for your server certificate

- Ensure that the "SSLCertificateKeyFile" directives are using thecorrect path

      and file name for your private key

- Ensure that the "SSLCACertificateFile" directives are using thecorrect path

      and file name for the Equifax Secure eBusiness CA-2 (equifaxca2)

5.  Restart the main Apache server

    cd /etc/rc.d/init.d
    ./httpd start

All that direct from the vendor.

Cheerz,

/\/\\/\/.

References:
- [cobalt-users] Equifaxsecure and Thawte Certificates?
  - From: Mike Fritsch
- Re: [cobalt-users] Equifaxsecure and Thawte Certificates?
  - From: Robert G. Fisher
- Re: [cobalt-users] Equifaxsecure and Thawte Certificates?
  - From: Mike Fritsch

Prev by Date: Re: [cobalt-users] Equifaxsecure and Thawte Certificates?
Next by Date: RE: [cobalt-users] Can I get rid of the hostname completely?
Previous by thread: Re: [cobalt-users] Equifaxsecure and Thawte Certificates?
Next by thread: Re: [cobalt-users] Equifaxsecure and Thawte Certificates?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index