Re: OT: Thawte SSL on Mac OS X Server
This WebDNA talk-list message is from 2005
It keeps the original formatting.
numero = 61575
interpreted = N
texte = The cert generation has to be right or you could have problems. I also have to start my ssl sites after my server starts up. thankfully I only have to restart on apples security updates.Here is what I did for my servers:(when you see "domainA" it means your domain name without the quotes)
cddd if=/dev/randon of=rand.dat bs=1m count=1openssl genrsa -rand rand.dat -des 1024 > "domainA".pemcp "domainA".pem /etc/httpd/ssl.key/domainA.keyopenssl req -new -key "domainA".pem -out "domainA"csr.pem(send contents of domainAcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainA.csr. I set up an ssl server instance and point the certificate file data to domainA.csr and the key file data to domainB.key as created above and enter the passphrase I enter when creating the server key)(On my second server and IP address I set continue as follows)dd if=/dev/randon of=rand.dat bs=1m count=1openssl genrsa -rand rand.dat -des 1024 > "domainB".pemopenssl req -new -key "domainB".pem -out "domainB"csr.pem(send contents of domainBcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainB.csr. I set up an ssl server instance and point the certificate file data to domainB.csr and the key file data to domainB.key as created above in set B and enter the passphrase I enter when creating the second server key)Hard RestartAfter a hard restart I find I have to turn off the instances of the ssl servers, then start the service. Once the service is up I check the ssl services and choose "Don't Restart". They start up fine and I am happy. I would love to get around all this but since its a live server I haven't been able to play much.All done!On Mar 26, 2005, at 3:55 PM, Phil Herring wrote:> Hi Charles,>> I tried everything to make this work, then I finally asked the Thawte> support folks to email the cert to me, spec'd for W* and OSX. It then> worked perfectly with the usual W* setup.-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
The cert generation has to be right or you could have problems. I also have to start my ssl sites after my server starts up. thankfully I only have to restart on apples security updates.Here is what I did for my servers:(when you see "domainA" it means your domain name without the quotes)cddd if=/dev/randon of=rand.dat bs=1m count=1openssl genrsa -rand rand.dat -des 1024 > "domainA".pemcp "domainA".pem /etc/httpd/ssl.key/domainA.keyopenssl req -new -key "domainA".pem -out "domainA"csr.pem(send contents of domainAcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainA.csr. I set up an ssl server instance and point the certificate file data to domainA.csr and the key file data to domainB.key as created above and enter the passphrase I enter when creating the server key)(On my second server and IP address I set continue as follows)dd if=/dev/randon of=rand.dat bs=1m count=1openssl genrsa -rand rand.dat -des 1024 > "domainB".pemopenssl req -new -key "domainB".pem -out "domainB"csr.pem(send contents of domainBcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainB.csr. I set up an ssl server instance and point the certificate file data to domainB.csr and the key file data to domainB.key as created above in set B and enter the passphrase I enter when creating the second server key)Hard RestartAfter a hard restart I find I have to turn off the instances of the ssl servers, then start the service. Once the service is up I check the ssl services and choose "Don't Restart". They start up fine and I am happy. I would love to get around all this but since its a live server I haven't been able to play much.All done!On Mar 26, 2005, at 3:55 PM, Phil Herring wrote:> Hi Charles,>> I tried everything to make this work, then I finally asked the Thawte> support folks to email the cert to me, spec'd for W* and OSX. It then> worked perfectly with the usual W* setup.-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Bob Minor
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
To Do list (2003)
Image Sizes (2003)
Re(2): Re(2): SSL, WebSTAR, WebCatalog (1998)
WebCatalog 2.0 & WebDNA docs in HTML ... (1997)
WebMerchant 1.6 and SHTML (1997)
[trim]?! (2004)
[OT] Robust order processing (2003)
NT [delete] (1998)
Convert Chars Issue? (2000)
[WebDNA] JSON parsing (2010)
Custom WebCat Prefs ... (1997)
raw=T is broken in [include] (1997)
Email Spam a bit of Hell (2004)
Signal Raised Error (Part III) (1997)
update on include (1997)
WCS Newbie question (1997)
RE: Missing contexts on NT (1997)
Orders w/in [sendmail] (1998)
docs for WebCatalog2 (1997)
Frames and WebCat (1997)