
[cobalt-users] Equifax Secure Certificate installation on RAQ3



It seems like a few people have had trouble getting their Equifax
certificate working on the RAQ3.  I know I did.  These instructions are what
Equifax sent me after half a dozen e-mails.  I used the first of these
methods... and had a few problems, so I also did the second method.  And
everything is finally working great.  The certificate that I got was for the
server name itself.  I hope this helps someone out there.
BTW - thanks all for the helpful suggestions.
===================================

Instructions for installing Equifax certificates on
Cobalt RaQ3 and RaQ3i platforms.

=========================================================

A) If installing a certificate for the "main" site
(which automatically includes the web-based admin suite):

1) Shut down the administrative Apache server, using (as root):
/etc/rc.d/init.d/admserv stop

2) Copy the contents of "Your_Web_Server_Certificate.txt"
into the file:  /home/sites/home/certs/certificate
Be sure to copy the ENTIRE certificate contents from
the "-----BEGIN CERTIFICATE-----" up to and including
the "-----END CERTIFICATE-----" lines.

3) Copy the contents of "Equifax_Secure_eBusiness_CA-2.txt"
into the file:  /home/sites/home/certs/ca
Be sure to copy the ENTIRE certificate contents from
the "-----BEGIN CERTIFICATE-----" up to and including
the "-----END CERTIFICATE-----" lines.

4) Edit the file:
/etc/admserv/conf/ssl.conf
making sure the bottom of the file reads as follows:

#   Server Certificate:
SSLCertificateFile    /home/sites/home/certs/certificate
SSLCertificateKeyFile /home/sites/home/certs/key
SSLCACertificateFile  /home/sites/home/certs/ca

5) Restart the administrative Apache server, using:
/etc/rc.d/init.d/admserv start

=========================================================

B) If installing a certificate for a virtual site (eg. "site1"):

1) Shut down the main Apache server, using (as root):
/etc/rc.d/init.d/httpd stop

2) Copy the contents of "Your_Web_Server_Certificate.txt"
into the file: /home/sites/site1/certs/certificate
[replace "site1" as appropriate]
Be sure to copy the ENTIRE certificate contents from
the "-----BEGIN CERTIFICATE-----" up to and including
the "-----END CERTIFICATE-----" lines.

3) Copy the contents of "Equifax_Secure_eBusiness_CA-2.txt"
into the file:  /home/sites/site1/certs/ca
[replace "site1" as appropriate]
Be sure to copy the ENTIRE certificate contents from
the "-----BEGIN CERTIFICATE-----" up to and including
the "-----END CERTIFICATE-----" lines.

4) Edit the file:
/etc/httpd/conf/httpd.conf
making sure the appropriate part of the file reads:

        # Hardcoded, issues with mod_perl and cobalt modules.
        if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
            $ret = ssl_cert_check("/home/sites/$group/certs/");
            if ($ret=~/^2/o) {
                $PerlConfig .= "Listen $ip:443\n";
                $PerlConfig .= "<VirtualHost $ip:443>\n";
                $PerlConfig .= "SSLengine on\n";
                $PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
                $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
                $PerlConfig .= "SSLCACertificateFile /home/sites/$group/certs/ca\n";
                $PerlConfig .= join('', @ssl_conf);
            } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
                $PerlConfig .= "Listen $ip:443\n";
                $PerlConfig .= "<VirtualHost $ip:443>\n";
                $PerlConfig .= "SSLengine on\n";
                $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
                $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
                $PerlConfig .= "SSLCACertificateFile /home/sites/home/certs/ca\n";
                $PerlConfig .= join('', @ssl_conf);
            } else {
                print STDERR "Site $group has invalid certificate: $ret\n";

5) Restart the main Apache server, using:
/etc/rc.d/init.d/httpd start

Note: If installing more than one certificate on a single RaQ3(i),
each relevant site must be on its own IP address.

=========================================================
Michael Snudden
http://raventec.com
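
=========================================================

Added example (not part of the original post or of Equifax's instructions): a pre-restart check that each pasted file holds one complete BEGIN/END CERTIFICATE block and that the certificate belongs to the key named by SSLCertificateKeyFile. The names pem_check, cert_matches_key and pemcheck.sh are hypothetical; it assumes an RSA key and openssl on the PATH.

```shell
#!/bin/sh
# Added example; pem_check, cert_matches_key and pemcheck.sh are hypothetical names.
# pem_check FILE: succeed only if FILE holds exactly one complete PEM
# certificate block; otherwise print the reason and return non-zero.
pem_check() {
    f=$1
    [ -s "$f" ] || { echo "$f: missing or empty"; return 1; }
    # Text pasted through a DOS/Windows editor carries CRs at line ends.
    if grep -q "$(printf '\r')" "$f"; then
        echo "$f: contains CR characters (DOS line endings)"; return 2
    fi
    awk '
        $0 == "-----BEGIN CERTIFICATE-----" { if (inblk) bad = 1; inblk = 1; begins++; next }
        $0 == "-----END CERTIFICATE-----"   { if (!inblk) bad = 1; inblk = 0; ends++; next }
        inblk { body++; if ($0 !~ "^[A-Za-z0-9+/=]+$") bad = 1 }
        END   { exit !(begins == 1 && ends == 1 && !inblk && !bad && body > 0) }
    ' "$f" || { echo "$f: truncated or malformed BEGIN/END CERTIFICATE block"; return 3; }
}

# cert_matches_key CERT KEY: true if the certificate's RSA modulus equals the
# private key's, i.e. the files given to SSLCertificateFile and
# SSLCertificateKeyFile belong together. Assumes an RSA key.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Run as: sh pemcheck.sh CERTS_DIR   (e.g. /home/sites/home/certs)
if [ -n "${1:-}" ]; then
    pem_check "$1/certificate" && pem_check "$1/ca" &&
        cert_matches_key "$1/certificate" "$1/key" && echo "$1: OK"
fi
```

Run it between the copy steps and the restart; a non-zero result from pem_check points to a bad paste rather than a problem with the certificate itself.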