
Re: [cobalt-users] [RAQ4r] SSL certificate not for main site name & possibly DNS



on 10-24-01 2:05 PM, flash22@xxxxxxx at flash22@xxxxxxx was reported to have
made a statement that said this:

> On Wed, 24 Oct 2001, Liam DelaHunty wrote:
>> Hmmm. What private key? I didn't send them anything, I got a present from my
>> ISP so what am I to do? Go over to my ISP cap-in-hand, or to the nice people
>> at Thawte to beg for another or is there something I can do?
> 
> You will have to ask them for it, you can't generate the CSR after the fact,
> here's how it works, first a private key is made *for that server*, then
> a CSR is made from that key, that CSR was sent to Thawte who made your key
> from it...it matches the private key originally used, without the private
> key the cert is totally useless ...

Even if they have the private key, if it wasn't done on the Raq he will need
to have the cert reissued or rebought, depending on what Thawte policy is. I just
went through all that moving someone from a Debian to the Raq. Cost me
$100.00 to get a reissued cert.
> 
>> 
>> Additionally I've assumed that I'd need DNS to reach secure.mydomain.com so
>> I've enabled DNS and have added A records for:
>> mydomain.com        xxx.xxx.xx.xx
>> www.mydomain.com        xxx.xxx.xx.xx
>> secure.mydomain.com    xxx.xxx.xx.xx
>> all at the same IP address.
>> 
>> I didn't check "Automatic Reverse Address Record Generation" in any case.
>> (Should I?)
>> 
>> I also added MX records, for mydomain.com and www.mydomain.com.
> 
> yes,no,good
> 
>> 
>> The Primary Name Server (NS) Host Name  for the SOA is www.mydomain.com.
>> There isn't a Secondary Name Server.
> 
> bad..you should have one...both should match whatever you registered
>> 
>> Now if I go to http://www.mydomain.com everything is as before.
>> If I try https://www.mydomain.com/ I got a warning about the certificate
>> (which is okay as the cert is for secure.mydomain.com)
>> If I try either http://secure.mydomain.com or https://secure.mydomain.com I
>> get a "The page cannot be displayed" error.
>> 
>> So does a new DNS record take a while to work or more likely have I got
>> something wrong...? BTW if you do a trace route to my server it comes up as
>> server1.mydomain.com.
> 
> The https won't load if the cert is bad....the http won't work unless you
> enabled the subdomain, for new DNS, hitting it a few times usually
> resolves it ...
> 
>> 
>> Another concern is that I would ideally like the admin facility on the main
>> site to be secure; so could I just add "secure.mydomain.com" to the Web
>> server alias on the GUI for www.mydomain.com rather than have a separate
>> virtual site for secure.mydomain.com? Would that have been the better way to
>> have approached this anyway?
> 
> Probably, you can still do it that way///nothing in computers is forever
> ;0
> 
> gsh

--
Thank you,
David E Thurman
The Web Presence Group
309.676.5688
dthurman@xxxxxxxxxxxxxxxxxxxx
http://www.webpresencegroup.net
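
The key, CSR and certificate relationship described in the quoted reply, as an added example that is not part of the original message: a certificate is usable only with the private key whose public half it carries, and comparing the two public keys with `openssl` shows whether a given key file belongs to a given cert. The file names, the host name `secure.example.com` and the throwaway "Demo CA" are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: does this private key belong to this certificate?
# Every file and name below is constructed for the demo.

# Public key (PEM) derived from a private key file.
pub_from_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
# Public key (PEM) embedded in a CSR or in an issued certificate.
pub_from_csr()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Exit 0 only if both files parse and carry the same public key;
# exit 2 if either file cannot be read or parsed.
key_matches_cert() {
    k=$(pub_from_key "$1") || return 2
    c=$(pub_from_cert "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Build the chain in directory $1: server key -> CSR -> cert signed by a demo CA,
# plus an unrelated key (other.key) that was never part of the request.
build_demo() {
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$d/ca.key" -subj "/CN=Demo CA" \
        -days 1 -out "$d/ca.crt" 2>/dev/null &&
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/server.key" -subj "/CN=secure.example.com" \
        -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -set_serial 1 -days 1 -out "$d/server.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    build_demo "$d" || { rm -rf "$d"; return 1; }
    for key in server.key other.key ca.key; do
        if key_matches_cert "$d/$key" "$d/server.crt"; then
            echo "$key: matches server.crt"
        else
            echo "$key: does NOT match server.crt"
        fi
    done
    rm -rf "$d"
}

demo
```

To check real files, call `key_matches_cert /path/to/key /path/to/cert`; a key protected by a passphrase will make `openssl pkey` prompt for it.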