Re: [cobalt-users] Equifax Secure Certificate installation on RAQ3
- Subject: Re: [cobalt-users] Equifax Secure Certificate installation on RAQ3
- From: "Randall Clark" <wz297@xxxxxxxxxxxxxx>
- Date: Sun Sep 17 20:12:21 2000
The cobalt has this option avail over the user interface. Enable SSL on the
site and go to the SSL settings using the interface.
----- Original Message -----
From: "Mark Baker - Cobalt Lists" <cobalt@xxxxxxxxxxxxxxxxxx>
To: <isplists@xxxxxxxxxxxx>
Cc: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Sunday, September 17, 2000 1:47 PM
Subject: Re: [cobalt-users] Equifax Secure Certificate installation on RAQ3
> Great... can someone give me instructions for using vi to edit this part?
> Including all commands, I need the most basic ones even!
>
> e.g. copying httpd.conf as a backup, finding lines, etc., and so on.
>
> Thanks, sorry for being so slow about this!
>
> Regards,
>
> Mark Baker
> Dark Marketing Ltd
> http://www.yoursitehere.co.uk
> ------------------------------------------------------------------
> Low cost Internet Solutions including Hosting,
> Domain Registration and Design.
> http://www.yoursitehere.co.uk | info@xxxxxxxxxxxxxxxxxx
> ------------------------------------------------------------------
> FREE .co.uk with Unix hosting package 2 to 7 at
> http://www.yoursitehere.co.uk !!
> ------------------------------------------------------------------
>
> ----- Original Message -----
> From: Tony <isplists@xxxxxxxxxxxx>
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Cc: <mark@xxxxxxxxxxxxxxxxxx>
> Sent: Sunday, September 17, 2000 9:39 PM
> Subject: RE: [cobalt-users] Equifax Secure Certificate installation on RAQ3
>
>
> > Jeff,
> >
> > I have no desire to get into a pissing match with you.
> >
> > Of course the browser will show Equifax.
> > The information I'm passing on that I originally posted
> > to the Developers list came directly from an Equifax Apache engineer.
> > The Equifax Secure Server Certificates ARE chained to the Thawte CA.
> > =======================================================================
> > See: http://www.equifaxsecure.com/ebusinessid/cps.html
> >
> > 2. Equifax Secure Server Certificates
> >
> > Equifax Secure Server Certificates are X.509 Certificates with SSL
> > Extensions that chain to the Thawte CA and which facilitate secure
> > electronic commerce by providing limited authentication of a
> > Subscriber's server and permitting SSL encrypted transactions between a
> > Relying Party's browser and the Subscriber's server.
> > =======================================================================
> >
> > The original Cobalt Raq3 SSL rewrite rules did not allow for another CA
> > other than Verisign/Thawte. That's why the Equifax certs don't work right
> > out of the box.
> > One has to edit the httpd.conf to allow for the Equifax SSLCACertificate.
> >
> > This is the solution: (cobalt-dev archives 5/16/2000)
> >
> > =====================================================================
> > # Hardcoded, issues with mod_perl and cobalt modules.
> > if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
> >     $ret = ssl_cert_check("/home/sites/$group/certs/");
> >     if ($ret=~/^2/o) {
> >         $PerlConfig .= "Listen $ip:443\n";
> >         $PerlConfig .= "<VirtualHost $ip:443>\n";
> >         $PerlConfig .= "SSLengine on\n";
> >         $PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
> >         $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
> >         $PerlConfig .= "SSLCACertificateFile /home/sites/$group/certs/cacert\n"; #ADDED THIS LINE
> >         $PerlConfig .= join('', @ssl_conf);
> >     } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
> >         $PerlConfig .= "Listen $ip:443\n";
> >         $PerlConfig .= "<VirtualHost $ip:443>\n";
> >         $PerlConfig .= "SSLengine on\n";
> >         $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
> >         $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
> >         $PerlConfig .= "SSLCACertificateFile /home/sites/home/certs/cacert\n"; # <=========ADDED THIS LINE
> >         $PerlConfig .= join('', @ssl_conf);
> >     } else {
> >         print STDERR "Site $group has invalid certificate: $ret\n";
> > =====================================================================
> >
> > SSLCACertificate file is the second cert that Equifax sends you. I saved
> > mine as 'cacert' per Apache's naming scheme.
> > The Apache SSL on the Raq needs this as it does not automatically
> > recognize Equifax. Actually the Certificate Authority
> > behind Equifax is Thawte. Once you save the CA Cert file, add the two
> > lines above and make sure you do a full reboot you
> > should be set to go.
> >
> > > -----Original Message-----
> > > From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> > > [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Tarren
> > > Sent: Monday, May 15, 2000 10:19 AM
> > > To: cobalt-developers@xxxxxxxxxxxxxxx
> > > Subject: [cobalt-developers] SSL Certs from Equifax
> > >
> > >
> > > Tony,
> > >
> > > Thanks for the tip for cheap SSL Certs at equifax.
> > > I have now received three pairs of keys; one for the server-admin and
> > > two for two separate secure sites.
> > >
> > > Can you please outline the changes in the httpd.conf file, as having
> > > the Certs in two parts is confusing me; I don't understand why I've got
> > > two parts for each site!
> > >
> > > I presume it's this bit that needs changing: httpd.conf ->
> > >
> > > # Hardcoded, issues with mod_perl and cobalt modules.
> > > if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
> > >     $ret = ssl_cert_check("/home/sites/$group/certs/");
> > >     if ($ret=~/^2/o) {
> > >         $PerlConfig .= "Listen $ip:443\n";
> > >         $PerlConfig .= "<VirtualHost $ip:443>\n";
> > >         $PerlConfig .= "SSLengine on\n";
> > >         $PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
> > >         $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
> > >         $PerlConfig .= join('', @ssl_conf);
> > >     } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
> > >         $PerlConfig .= "Listen $ip:443\n";
> > >         $PerlConfig .= "<VirtualHost $ip:443>\n";
> > >         $PerlConfig .= "SSLengine on\n";
> > >         $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
> > >         $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
> > >         $PerlConfig .= join('', @ssl_conf);
> > >     } else {
> > >         print STDERR "Site $group has invalid certificate: $ret\n";
> > >
> > > on 4/5/00 3:19 pm, Tony at isplists@xxxxxxxxxxxx wrote:
> > >
> > > Regards,
> > >
> > > Tarren.
> > >
> > > > Well there is a little extra work to do...You need to add an extra
> > > > line in the http.conf to point to their CA cert. I'm sure Cobalt will
> > > > get around to patching this. Otherwise it seems to work fine.
> > > >
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: cobalt-users-admin@xxxxxxxxxxxxxxx
> > > [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Jeff Lasman
> > > Sent: Sunday, September 17, 2000 2:27 PM
> > > To: cobalt-users@xxxxxxxxxxxxxxx
> > > Subject: Re: [cobalt-users] Equifax Secure Certificate installation on
> > > RAQ3
> > >
> > >
> > > Tony wrote:
> > >
> > > > The CA for Equifax Certs is actually Thawte.
> > >
> > > Really? See below...
> > >
> > > > You'll need to edit your httpd.conf correctly
> > > > in order to not receive that error.
> > > > Try https://www.registerforless.net/
> > > > and see if you get the same error. It's using an Equifax Cert.
> > >
> > > Here's what my browser returns for "https://www.registerforless.net/":
> > >
> > > > This Certificate belongs to:    This Certificate was issued by:
> > > > www.registerforless.net         Equifax Secure E-Business CA
> > > > admin@xxxxxxxxxxxxxxxxxxxxxxx   Equifax Secure Inc
> > > > DOMAIN REGISTRATION             US
> > > > Global Profit Solutions
> > > > IRVING, TX, US
> > > >
> > > > Serial Number: 03:EF
> > > > This Certificate is valid from Mon Apr 17, 2000 to Tue Apr 17, 2001
> > > > Certificate Fingerprint:
> > > > DC:20:AE:8F:4E:60:AA:3D:F7:EC:48:34:FF:39:D9:BA
> > >
> > > Sure doesn't look like Thawte to me.
> > >
> > > Jeff
> > > --
> > > Jeff Lasman <jblists@xxxxxxxxxxxxx>
> > > nobaloney.net
> > > P. O. Box 52672
> > > Riverside, CA 92517
> > > voice: (909) 787-8589 * fax: (909) 782-0205
> > >
> > >
> > > _______________________________________________
> > > cobalt-users mailing list
> > > cobalt-users@xxxxxxxxxxxxxxx
> > > To Subscribe or Unsubscribe, please go to:
> > > http://list.cobalt.com/mailman/listinfo/cobalt-users
> > >
>
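
Added example, not part of the original thread and not Cobalt's or Equifax's code: a shell check, using the openssl command-line tool, of the point made in the quoted reply above, that the site certificate only verifies up to the trusted root once the second file (cacert) is supplied with it. The demo CA chain, the /CN names and the function names (issue, make_demo_chain, key_matches, chain_ok) are constructed for illustration; only the file names certificate, key and cacert come from the thread.

```sh
#!/bin/sh
# Added example: the root -> intermediate -> server chain below is constructed
# test data. Only the file names certificate, key and cacert come from the thread.

# issue NAME SUBJECT SIGNER CA_FLAG: create NAME.key and NAME.pem signed by SIGNER
# (SIGNER equal to NAME gives a self-signed root). CA_FLAG is TRUE or FALSE.
issue() {
    printf 'basicConstraints=critical,CA:%s\n' "$4" > "$1.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    if [ "$3" = "$1" ]; then signer="-signkey $1.key"
    else signer="-CA $3.pem -CAkey $3.key -CAcreateserial"; fi
    # $signer is unquoted on purpose so that it splits into separate options.
    openssl x509 -req -days 2 -in "$1.csr" -out "$1.pem" -extfile "$1.ext" \
        $signer 2>/dev/null
}

# make_demo_chain DIR: build the chain, then lay out DIR/site like a site's certs dir.
make_demo_chain() (
    mkdir -p "$1/site" && cd "$1" || exit 1
    issue root "/CN=Demo Root CA" root TRUE &&
    issue inter "/CN=Demo Intermediate CA" root TRUE &&
    issue leaf "/CN=www.example.test" inter FALSE &&
    cp leaf.pem site/certificate && cp leaf.key site/key && cp inter.pem site/cacert
)

# key_matches DIR: succeed only if DIR/key is the private key of DIR/certificate.
key_matches() {
    pub=$(openssl x509 -in "$1/certificate" -noout -pubkey 2>/dev/null) &&
        [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$1/key" -pubout 2>/dev/null)" ]
}

# chain_ok ROOT DIR [with_cacert]: verify DIR/certificate against the trusted ROOT,
# optionally offering DIR/cacert as the untrusted intermediate.
chain_ok() {
    if [ "$3" = with_cacert ]; then
        openssl verify -CAfile "$1" -untrusted "$2/cacert" "$2/certificate"
    else
        openssl verify -CAfile "$1" "$2/certificate"
    fi >/dev/null 2>&1
}

demo=$(mktemp -d) && make_demo_chain "$demo" && key_matches "$demo/site" && {
    chain_ok "$demo/root.pem" "$demo/site" || echo "without cacert: chain does not verify"
    chain_ok "$demo/root.pem" "$demo/site" with_cacert && echo "with cacert: chain verifies"
}
```

On a real site, key_matches and chain_ok can be pointed at the site's own certs directory, with ROOT set to the root CA file that clients are expected to trust.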