[cobalt-users] Re: secure cert & netscape
- Subject: [cobalt-users] Re: secure cert & netscape
- From: "Michelle A. Hoyle" <michelle@xxxxxxxxxxxxx>
- Date: Mon Sep 3 20:51:29 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Jeff Lasman:
jonothon ortiz wrote:
> Jeff, the issue isn't that we are telling you to tell the customer to
> switch. The issue is that the customer is using something that:
>
> a. can't handle SSL properly
My copy of Netscape 4.72 has always handled SSL properly. Until this
weekend. Including Cobalt RaQ3s using SSL for administration. The
issue may or may not be a RaQ4/SSL issue. What's sad from my point of
view is that no one seems to be interested in finding out, everyone is
willing to say "just use something else". That's the Microsoft
mentality if I ever saw it. At least from my point of view <frown>.
Actually, I complained about this almost back in October of last year
on the Developer's List. I am using a RaQ4r and Netscape 4.7x on
Mac. Here's my [edited] original series of postings and the
responses, plus some additional comments. Maybe this will help shed
some light on the problem.
Message: 3
Date: Wed, 25 Oct 2000 14:29:26 +0100
From: "Michelle A. Hoyle" <michelle@xxxxxxxxxxxxx>
Subject: [cobalt-developers] Raq4: SSL main site certificate and other SSL
Since I've upgraded from my Raq2 (using Brosoft's drop-in replacement
adminserv package) to my Raq4, I've encountered some very
frustrating and odd problems with my Raq4 once I copied my machine
certificate from my old Raq2 to my new Raq4 (they have the same
name). Here's a summary of the problems experienced and what I want.
Below that I'll outline things that I've tried and discovered about
the problems.
Problems:
1) I can't use Netscape anymore to administer my Raq. It works OK
with Internet Explorer but not Netscape.
2) When someone tries to access a forbidden or non-existent page, the
Raq uses https to display those Cobalt graphics because of the
rewrite rules in the Raq4's httpd.conf (main)
3) If someone goes http://virtualsite.com/siteadmin/, the rewrite
rules give us
https://virtualsite.com:81/.cobalt/siteManage/virtualsite.com/index.html.
Which means that they can't take advantage of *my* machine-wide site
certificate for managing their account securely and they get a
certificate mismatch error in Netscape and 60 billion error messages
in Internet Explorer.
<SNIP>
What's known:
1) This is a really weird problem. The certificate worked fine for
administration on my Raq2 with Brosoft's package. My administration
module worked fine with Netscape on the Raq4 before I installed the
certificate. I've been trying to hash this out with Thawte, the
certificate authority. What we've determined is that it's something
to do with the setup on the Raq and not the certificate. The
certificate itself works fine from the main site of my Raq using any
CGI or PHP generated output from within Netscape. They think it
might have to do with the :81 added and then accessed via https.
Maybe Netscape gets confused?
Date: Wed, 25 Oct 2000 20:31:40 +0100
From: "Michelle A. Hoyle" <michelle@xxxxxxxxxxxxx>
Subject: [cobalt-developers] Re: Raq4: SSL main site certificate and other SSL
I may have been a little too succinct earlier this morning with
respect to problem 1:
>1) I can't use Netscape anymore to administer my Raq. It works OK
>with Internet Explorer but not Netscape.
This, as I mentioned, is pretty darned strange. I can get the
graphics for the administration interface to come up and, every once
in awhile, something in the main frame but normally going to
http://raq.transcena.com/admin/ results in the graphics on the left
and an endlessly spinning Netscape logo as it tries to display the
contents of the siteList.cgi-thing. Likewise, same sort of
behaviour, but with the userlist in an individual site. I have been
able on occasion to get the control panel to pop up but nothing in
it like e-mail, etc.
A reply from someone else:
From: ennio@xxxxxxxxx
Subject: Re: [cobalt-developers] Re: Raq4: SSL main site certificate
and other SSL
Date: Thu, 26 Oct 2000 06:43:51 GMT
I had the same kind of behaviour and my problem was that my browser was set up
to the German language; after switching to US English the browser works
perfectly.
I hope it helps for you too.
My end solution to the problem:
Message: 2
Date: Thu, 26 Oct 2000 12:04:57 +0100
To: cobalt-developers@xxxxxxxxxxxxxxx
From: "Michelle A. Hoyle" <michelle@xxxxxxxxxxxxx>
Subject: [cobalt-developers] Raq4: SSL main site certificate and other SSL
Reply-To: cobalt-developers@xxxxxxxxxxxxxxx
>From: ennio@xxxxxxxxx
>Date: Thu, 26 Oct 2000 06:43:51 GMT
>Reply-To: cobalt-developers@xxxxxxxxxxxxxxx
>
>I had the same kind of behaviour and my problem was that my browser was set up
>to the German language; after switching to US English the browser works
>perfectly.
>I hope it helps for you too.
>
>Michelle Hoyle said:
> > I may have been a little too succinct earlier this morning with
> > respect to problem 1:
> >
> >
> > >1) I can't use Netscape anymore to administer my Raq. It works OK
> > >with Internet Explorer but not Netscape.
> >
You know, I can't *BELIEVE* that was the problem. I did as you
suggested and, you're right, that solved the problem. My browser was
set to English in the first place but not US English (probably
because I don't live in the US and the various software installers
know that).
So I'm supposed to go around and tell all of my clients using
Netscape to add "English (US)" to their list of languages?
OK. I did some poking around. The problem lies in the names of the
files in /usr/admserv/html/.cobalt/search:
total 4
-rw-r--r-- 1 root root 1734 Jun 30 03:03 search_users.html.en_US
-rw-r--r-- 1 root root 1594 Jun 30 03:03 search_vsite.html.en_US
Notice that those two files cover the virtual site and the user list,
both of which I couldn't get to come up! Notice the endings on
those files? That's why we have to include en_US in Netscape. (By
the way, those are the only two files on my Raq4's admserv HTML
directories that end in .en_US. The rest all just end in .en)
Internet Explorer (which is set to English (en)) must take anything
that starts with en as being valid for English. Netscape is pickier.
Anyway, I'm just going to... rename those files to .en, like
everything else.
Looks like that works (after I've removed the .en_US from my Netscape
preferences). I'd say this is a Cobalt BUG and they should fix that
at some point in a patch. (Who do you report these kinds of bugs to
anyway?)
Finally, I'd still also like to know why this was only an issue for
me after I moved the certificate? I created all the accounts/etc on
the machine using the GUI before I moved the certificate from the old
machine to the new and it all worked fine then without .en_US.
Thanks, though. Thawte and I never guessed that and we've been
hacking away at this problem for more than a week now. Well, one
problem down, two to go.
Note: When I had Cobalt Professional Services build me a version of
Apache with *ALL* of the Apache standard modules compiled properly as
DSOs, my administration stopped working for Netscape. I've *NEVER*
been able to get it to go again in Netscape. However, either of the
two above solutions will likely work if you're still using Apache
1.3.12 on a Raq4. It's likely it will also work with the latest
Cobalt package for Apache 1.3.20.
Let us know how you make out!
Michelle
--
----| TRANSCENA DESIGN |----------------------------
Michelle A. Hoyle, VP Web Technologies, Canada
#801 T.D. Tower, Edmonton, Alberta, Canada T5J 2Z1
N. America: 1-888-429-2363 | UK: 020 7529 1465
International: +1 780 429 2363
------------------| internet design architects |--------
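
The check behind the fix in the message above, as an added example that is not part of the original post or of Cobalt's software: it lists language-variant files whose suffix carries a region (such as `.en_US`) and that have no plain-language sibling (such as `.en`). The two `search_*` file names come from the listing in the message; the `other/` directory, its files and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original thread): find files like
# "search_users.html.en_US" that have no "search_users.html.en" beside them.
# Per the message, such a file fails to load in a browser whose language
# list contains only the plain language code.

# find_region_only DIR -> prints one offending path per line, sorted
find_region_only() {
    (
        # Fixed locale so [a-z]/[A-Z] ranges and sort order are predictable.
        LC_ALL=C; export LC_ALL
        find "$1" -type f -name '*.[a-z][a-z][_-][A-Z][A-Z]' | sort |
        while IFS= read -r f; do
            base=${f%[_-][A-Z][A-Z]}    # "...html.en_US" -> "...html.en"
            [ -e "$base" ] || printf '%s\n' "$f"
        done
    )
}

# make_sample_tree -> creates a constructed tree and prints its path
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/search" "$t/other"
    : > "$t/search/search_users.html.en_US"   # name taken from the message
    : > "$t/search/search_vsite.html.en_US"   # name taken from the message
    : > "$t/other/index.html.en"              # constructed
    : > "$t/other/help.html.en"               # constructed
    : > "$t/other/help.html.en_US"            # constructed: has a plain sibling
    printf '%s\n' "$t"
}

# Demonstration on the constructed tree.
sample=$(make_sample_tree)
find_region_only "$sample"
rm -rf "$sample"
```

Pointed at the admin server's HTML directory, each path it prints is a candidate for the rename to the plain suffix that the message describes.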