Re: OT: Thawte SSL on Mac OS X Server

This WebDNA talk-list message is from

2005


It keeps the original formatting.
numero = 61575
interpreted = N
texte = The cert generation has to be right or you could have problems. I also have to start my ssl sites after my server starts up. thankfully I only have to restart on apples security updates. Here is what I did for my servers: (when you see "domainA" it means your domain name without the quotes) cd dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainA".pem cp "domainA".pem /etc/httpd/ssl.key/domainA.key openssl req -new -key "domainA".pem -out "domainA"csr.pem (send contents of domainAcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainA.csr. I set up an ssl server instance and point the certificate file data to domainA.csr and the key file data to domainB.key as created above and enter the passphrase I enter when creating the server key) (On my second server and IP address I set continue as follows) dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainB".pem openssl req -new -key "domainB".pem -out "domainB"csr.pem (send contents of domainBcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainB.csr. I set up an ssl server instance and point the certificate file data to domainB.csr and the key file data to domainB.key as created above in set B and enter the passphrase I enter when creating the second server key) Hard Restart After a hard restart I find I have to turn off the instances of the ssl servers, then start the service. Once the service is up I check the ssl services and choose "Don't Restart". They start up fine and I am happy. I would love to get around all this but since its a live server I haven't been able to play much. All done! On Mar 26, 2005, at 3:55 PM, Phil Herring wrote: > Hi Charles, > > I tried everything to make this work, then I finally asked the Thawte > support folks to email the cert to me, spec'd for W* and OSX. It then > worked perfectly with the usual W* setup. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
  2. Re: OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
  3. Re: OT: Thawte SSL on Mac OS X Server ( Bob Minor 2005)
  4. Re: OT: Thawte SSL on Mac OS X Server ( Phil Herring 2005)
  5. OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
The cert generation has to be right or you could have problems. I also have to start my ssl sites after my server starts up. thankfully I only have to restart on apples security updates. Here is what I did for my servers: (when you see "domainA" it means your domain name without the quotes) cd dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainA".pem cp "domainA".pem /etc/httpd/ssl.key/domainA.key openssl req -new -key "domainA".pem -out "domainA"csr.pem (send contents of domainAcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainA.csr. I set up an ssl server instance and point the certificate file data to domainA.csr and the key file data to domainB.key as created above and enter the passphrase I enter when creating the server key) (On my second server and IP address I set continue as follows) dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainB".pem openssl req -new -key "domainB".pem -out "domainB"csr.pem (send contents of domainBcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainB.csr. I set up an ssl server instance and point the certificate file data to domainB.csr and the key file data to domainB.key as created above in set B and enter the passphrase I enter when creating the second server key) Hard Restart After a hard restart I find I have to turn off the instances of the ssl servers, then start the service. Once the service is up I check the ssl services and choose "Don't Restart". They start up fine and I am happy. I would love to get around all this but since its a live server I haven't been able to play much. All done! On Mar 26, 2005, at 3:55 PM, Phil Herring wrote: > Hi Charles, > > I tried everything to make this work, then I finally asked the Thawte > support folks to email the cert to me, spec'd for W* and OSX. It then > worked perfectly with the usual W* setup. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Bob Minor

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

splitting numbers in webDNA? (1997) Public Beta for WebCatalog 4.0 is Available (2000) OT JavaScript question (1999) Macauth: Dates and No Scripting... (1997) (2000) Status of variable hierarchy changes? (2000) Entry pages (was: WebCatalog MAJOR drawback) (1998) Fwd: Image Pirating [protecting against] (2003) [WebDNA] Add to cart (2014) Question about links (1999) [BULK] [WebDNA] WebDNA Code and HTML WYSIWYG Editors (2011) Help w/ Duplicating The General Store 5 times. (1997) WebCommerce: Folder organization ? (1997) WebCat2b13 Command Reference Doc error (1997) Date Formats (1997) searchable list archive (1997) [WebDNA] Need to convert unix date? (2009) customer.db and forms (1999) I don't think my install worked (2003) Looking up two prices in Formulas.db (1997)