
Re: [cobalt-users] [RAQ4r] SSL certificate not for main site name & possibly DNS



On Wed, 24 Oct 2001, Liam DelaHunty wrote:
> Hmmm. What private key? I didn't send them anything, I got a present from my
> ISP so what am I to do? Go over to my ISP cap-in-hand, or to the nice people
> at Thawte to beg for another or is there something I can do?

You will have to ask them for it; you can't generate the CSR after the
fact. Here's how it works: first a private key is made *for that server*,
then a CSR is made from that key, that CSR was sent to Thawte who made your
key from it...it matches the private key originally used, without the
private key the cert is totally useless ...

> 
> Additionally I've assumed that I'd need DNS to reach secure.mydomain.com so
> I've enabled DNS and have added A records for:
> mydomain.com		xxx.xxx.xx.xx
> www.mydomain.com		xxx.xxx.xx.xx
> secure.mydomain.com	xxx.xxx.xx.xx
> all at the same IP address.
> 
> I didn't check "Automatic Reverse Address Record Generation" in any case.
> (Should I?)
> 
> I also added MX records, for mydomain.com and www.mydomain.com.

yes, no, good

> 
> The Primary Name Server (NS) Host Name  for the SOA is www.mydomain.com.
> There isn't a Secondary Name Server.

bad...you should have one...both should match whatever you registered

> 
> Now if I go to http://www.mydomain.com everything is as before.
> If I try https://www.mydomain.com/ I got a warning about the certificate
> (which is okay as the cert is for secure.mydomain.com)
> If I try either http://secure.mydomain.com or https://secure.mydomain.com I
> get a "The page cannot be displayed" error.
> 
> So does a new DNS record take a while to work or more likely have I got
> something wrong...? BTW if you do a trace route to my server it comes up as
> server1.mydomain.com.

The https won't load if the cert is bad...the http won't work unless you
enabled the subdomain. For new DNS, hitting it a few times usually
resolves it ...

> 
> Another concern is that I would ideally like the admin facility on the main
> site to be secure; so could I just add "secure.mydomain.com" to the Web
> server alias on the GUI for www.mydomain.com rather than have a separate
> virtual site for secure.mydomain.com? Would that have been the better way to
> have approached this anyway?

Probably, you can still do it that way...nothing in computers is forever
;0

gsh
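
The key/CSR/certificate relationship described in the reply above can be checked with the openssl command line. This is an added example, not part of the original post: the function names, file names and the self-signed certificate standing in for the CA-issued one are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. File names and the subject name are constructed for the demo.

# Print the public key (PEM) carried by a private key, CSR or certificate.
pubkey_pem() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac
}

# same_pubkey KIND1 FILE1 KIND2 FILE2
# Returns 0 = same public key, 1 = different, 2 = a file could not be read.
same_pubkey() {
    a=$(pubkey_pem "$1" "$2" 2>/dev/null) || return 2
    b=$(pubkey_pem "$3" "$4" 2>/dev/null) || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Build the chain from the reply inside directory $1.
make_demo_files() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&   # key made for the server
    openssl req -new -key "$1/server.key" -subj "/CN=secure.mydomain.com" \
        -out "$1/server.csr" 2>/dev/null &&                   # CSR made from that key
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
        -days 1 -out "$1/server.crt" 2>/dev/null &&           # self-signed stand-in for the CA
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null       # a key generated after the fact
}

report() {
    if same_pubkey "$1" "$2" "$3" "$4"; then echo "MATCH    $2 <-> $4"
    else echo "MISMATCH $2 <-> $4"; fi
}

demo_dir=$(mktemp -d)
if make_demo_files "$demo_dir"; then
    report key "$demo_dir/server.key" csr  "$demo_dir/server.csr"
    report key "$demo_dir/server.key" cert "$demo_dir/server.crt"
    report key "$demo_dir/other.key"  cert "$demo_dir/server.crt"
fi
rm -rf "$demo_dir"
```

Running `same_pubkey key <keyfile> cert <certfile>` against a real key and certificate shows whether the key on the server is the one the certificate was issued for.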