[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Problems installing Tucows/Entrust SSL Certificate (RAQ3)

Subject: RE: [cobalt-users] Problems installing Tucows/Entrust SSL Certificate (RAQ3)
From: George Kirikos <gkirikos@xxxxxxxxx>
Date: Fri Apr 27 04:12:02 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hello,

The problem is now solved.

It turns out that the file provided by Gavin won't work. Instead, I got
things to work using the one supplied by Entrust.

So, in httpd.conf I added the line:

SSLCACertificateFile /etc/httpd/conf/entrustchaincert.txt

(after copying the chain certificate to the relevant path above)

Now when opening in old versions of Netscape or IE, it contains the
correct certification path (Thawte-->Entrust-->my website), and there
are no ugly warnings.

By the way, for the instructions at:

http://www.entrust.net/tech/apachemod_ssl/install.htm#chaincert

I did not have to do any of the steps 1 through 7. I just needed to add
the above line (and install using the Cobalt RAQ admin screens, pasting
in the certificate for the website itself). Hopefully folks searching
the archives of this mailing list will benefit from the solution.

Sincerely,

George Kirikos

--- Gavin Nelmes-Crocker <gavin@xxxxxxxxxx> wrote:
> > I'm having som troubles installing the Entrust "chain" certificate
> on a
> > RAQ3. The instructions are at:
> >
> > http://www.entrust.net/tech/apachemod_ssl/install.htm#chaincert
> >
> > In particular, it says:
> >
> > "Save the certificate in the directory identified by the
> > SSLCACertificatePath entry (in "httpd.conf")"
> >
> > I can't find any reference to SSLCACertificatePath in httpd.conf.
> Has
> > anyone been able to figure out how to install this?
> 
> Ok there are two things you need to do, first is save either the file
> supplied by tucows or the one attached (Should work for any current
> cert
> authority) as ca-bundle (no extension)in the /etc/httpd/conf folder
> 
> Then you need to edit the httpd.conf file and search for ca-bundle
> you
> should find the line is commented out, uncomment it.  A couple of
> lines
> above say that you need to uncomment this if you use other certs. 
> Save and
> exit.
> 
> You now need to restart apache /etc/rc.d/inet.d/httpd restart
> 
> You will see the screen stop web service and then restart this, if
> there any
> errors make a note
> 
> Any problems drop me a mail.
> 
> This also works for Equifax Certs as I found to my cost!  I have
> brought
> this up internally as a bug.
> 
> Regards
> 
> Gavin
> 

> ATTACHMENT part 2 application/x-x509-ca-cert name=ca-bundle.crt

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/

Follow-Ups:
- [cobalt-users] Problems with htaccess file
  - From: The Thieving Gypsy

Prev by Date: [cobalt-users] Re: Tomcat installation
Next by Date: [cobalt-users] what the hell kind of crap is this???
Previous by thread: [cobalt-users] Problems installing Tucows/Entrust SSL Certificate (RAQ3)
Next by thread: [cobalt-users] Problems with htaccess file

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index