[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Equifax Secure Certificate installation on RAQ3

We were told that these instructions are wrong, and we designed for the
RaQ2, so you can paste the certificate in to the normal GUI window.

However we had to rebuild our RaQ3  (after the certificate installation
damaged it) so I backed up the key file e.t.c but now I'm not having any
luck getting the certificate to work again!
It pastes in OK and doesn't give any errors, but take a look at
https://secure.darkuk.net to see the problem.

Any ideas anyone? Maybe someone from cobalt can comment?

Regards,

Mark Baker
Dark Marketing Ltd
http://www.yoursitehere.co.uk

Reply e-mail: mark@xxxxxxxxxxxxxxxxxx
----- Original Message -----
From: Support <support@xxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, September 13, 2000 10:59 PM
Subject: [cobalt-users] Equifax Secure Certificate installation on RAQ3


> It seems like a few people have had trouble getting their Equifax
> certificate working on the RAQ3.  I know I did.  These instructions are
what
> Equifax sent me after a half a dozen e-mails.  I used the first of these
> methods... and had a few problems, so I also did the second method.  And
> everything is finally working great.  The certificate that I got was for
the
> server name itself.  I hope this helps someone out there.
> BTW - thanks all for the helpful suggestions.
> ===================================
>
> Instructions for installing Equifax certificates on
> Cobalt RaQ3 and RaQ3i platforms.
>
> =========================================================
>
> A) If installing a certificate for the "main" site
> (which automatically includes the web-based admin suite):
>
> 1) shut down the administrative Apache server, using (as root):
> /etc/rc.d/init.d/admserv stop
>
> 2) Copy the contents of "Your_Web_Server_Certificate.txt"
> into the file:  /home/sites/home/certs/certificate
> Be sure to copy the ENTIRE certificate contents from
> the "-----BEGIN CERTIFICATE-----" up to and including
> the "-----END CERTIFICATE-----" lines.
>
> 3) Copy the contents of "Equifax_Secure_eBusiness_CA-2.txt"
> into the file:  /home/sites/home/certs/ca
> Be sure to copy the ENTIRE certificate contents from
> the "-----BEGIN CERTIFICATE-----" up to and including
> the "-----END CERTIFICATE-----" lines.
>
> 4) Edit the file:
> /etc/admserv/conf/ssl.conf
> making sure the bottom of the file reads as follows:
>
> #   Server Certificate:
> SSLCertificateFile    /home/sites/home/certs/certificate
> SSLCertificateKeyFile /home/sites/home/certs/key
> SSLCACertificateFile  /home/sites/home/certs/ca
>
> 5) Restart the administrative apache server, using:
> /etc/rc.d/init.d/admserv start
>
> =========================================================
>
> B) If installing a certificate for a virtual site (eg. "site1"):
>
> 1) shut down the main Apache server, using (as root):
> /etc/rc.d/init.d/httpd stop
>
> 2) Copy the contents of "Your_Web_Server_Certificate.txt"
> into the file: /home/sites/site1/certs/certificate
> [replace "site1" as appropriate]
> Be sure to copy the ENTIRE certificate contents from
> the "-----BEGIN CERTIFICATE-----" up to and including
> the "-----END CERTIFICATE-----" lines.
>
> 3) Copy the contents of "Equifax_Secure_eBusiness_CA-2.txt"
> into the file:  /home/sites/site1/certs/ca
> [replace "site1" as appropriate]
> Be sure to copy the ENTIRE certificate contents from
> the "-----BEGIN CERTIFICATE-----" up to and including
> the "-----END CERTIFICATE-----" lines.
>
> 4) Edit the file:
> /etc/httpd/conf/httpd.conf
> making sure the appropriate part of the file reads:
>
>         # Hardcoded, issues with mod_perl and cobalt modules.
>         if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
>             $ret = ssl_cert_check("/home/sites/$group/certs/");
>             if ($ret=~/^2/o) {
>                 $PerlConfig .= "Listen $ip:443\n";
>                 $PerlConfig .= "<VirtualHost $ip:443>\n";
>                 $PerlConfig .= "SSLengine on\n";
> $PerlConfig .= "SSLCertificateFile
/home/sites/$group/certs/certificate\n";
> $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
> $PerlConfig .= "SSLCACertificateFile /home/sites/$group/certs/ca\n";
>                 $PerlConfig .= join('', @ssl_conf);
>             } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
>                 $PerlConfig .= "Listen $ip:443\n";
>                 $PerlConfig .= "<VirtualHost $ip:443>\n";
>                 $PerlConfig .= "SSLengine on\n";
> $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
> $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
> $PerlConfig .= "SSLCACertificateFile /home/sites/home/certs/ca\n";
>                 $PerlConfig .= join('', @ssl_conf);
>             } else {
>                 print STDERR "Site $group has invalid certificate:
$ret\n";
>
> 5) Restart the main Apache server, using:
> /etc/rc.d/init.d/httpd start
>
> Note: If installing more than one certificate on a single RaQ3(i),
> each relevant site must be on its own IP address.
>
> =========================================================
> Michael Snudden
> http://raventec.com
>
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users