Re: OT: Thawte SSL on Mac OS X Server

This WebDNA talk-list message is from

2005


It keeps the original formatting.
numero = 61575
interpreted = N
texte = The cert generation has to be right or you could have problems. I also have to start my ssl sites after my server starts up. thankfully I only have to restart on apples security updates. Here is what I did for my servers: (when you see "domainA" it means your domain name without the quotes) cd dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainA".pem cp "domainA".pem /etc/httpd/ssl.key/domainA.key openssl req -new -key "domainA".pem -out "domainA"csr.pem (send contents of domainAcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainA.csr. I set up an ssl server instance and point the certificate file data to domainA.csr and the key file data to domainB.key as created above and enter the passphrase I enter when creating the server key) (On my second server and IP address I set continue as follows) dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainB".pem openssl req -new -key "domainB".pem -out "domainB"csr.pem (send contents of domainBcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainB.csr. I set up an ssl server instance and point the certificate file data to domainB.csr and the key file data to domainB.key as created above in set B and enter the passphrase I enter when creating the second server key) Hard Restart After a hard restart I find I have to turn off the instances of the ssl servers, then start the service. Once the service is up I check the ssl services and choose "Don't Restart". They start up fine and I am happy. I would love to get around all this but since its a live server I haven't been able to play much. All done! On Mar 26, 2005, at 3:55 PM, Phil Herring wrote: > Hi Charles, > > I tried everything to make this work, then I finally asked the Thawte > support folks to email the cert to me, spec'd for W* and OSX. It then > worked perfectly with the usual W* setup. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
  2. Re: OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
  3. Re: OT: Thawte SSL on Mac OS X Server ( Bob Minor 2005)
  4. Re: OT: Thawte SSL on Mac OS X Server ( Phil Herring 2005)
  5. OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
The cert generation has to be right or you could have problems. I also have to start my ssl sites after my server starts up. thankfully I only have to restart on apples security updates. Here is what I did for my servers: (when you see "domainA" it means your domain name without the quotes) cd dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainA".pem cp "domainA".pem /etc/httpd/ssl.key/domainA.key openssl req -new -key "domainA".pem -out "domainA"csr.pem (send contents of domainAcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainA.csr. I set up an ssl server instance and point the certificate file data to domainA.csr and the key file data to domainB.key as created above and enter the passphrase I enter when creating the server key) (On my second server and IP address I set continue as follows) dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainB".pem openssl req -new -key "domainB".pem -out "domainB"csr.pem (send contents of domainBcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainB.csr. I set up an ssl server instance and point the certificate file data to domainB.csr and the key file data to domainB.key as created above in set B and enter the passphrase I enter when creating the second server key) Hard Restart After a hard restart I find I have to turn off the instances of the ssl servers, then start the service. Once the service is up I check the ssl services and choose "Don't Restart". They start up fine and I am happy. I would love to get around all this but since its a live server I haven't been able to play much. All done! On Mar 26, 2005, at 3:55 PM, Phil Herring wrote: > Hi Charles, > > I tried everything to make this work, then I finally asked the Thawte > support folks to email the cert to me, spec'd for W* and OSX. It then > worked perfectly with the usual W* setup. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Bob Minor

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

BadSuffix with 2.1b3 cgi (1997) Frames and WebCat (1997) RE: Adding headers to email (1997) [WebDNA] HTML5 (2010) New Plug-in and Type 11 errors (1997) WebDNA Solutions ... sorry! (1997) WebCat2b15MacPlugin - showing [math] (1997) webcat- multiple selection in input field (1997) Just a thought (1998) Multi Colonns (1998) Extended [ConvertChars] (1997) Nested tags count question (1997) Slightly off-topic hits to purchase ratio? (1999) Putting together a econimic server (2004) Links and Carriage Returns, Oh my! (2000) Sorting (2005) More on ShippingCost help needed (1998) upgrading (1997) Loop context to replace items (1998) Conversion calculators .. (2003)