Re: OT: Thawte SSL on Mac OS X Server

This WebDNA talk-list message is from

2005


It keeps the original formatting.
numero = 61575
interpreted = N
texte = The cert generation has to be right or you could have problems. I also have to start my ssl sites after my server starts up. thankfully I only have to restart on apples security updates. Here is what I did for my servers: (when you see "domainA" it means your domain name without the quotes) cd dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainA".pem cp "domainA".pem /etc/httpd/ssl.key/domainA.key openssl req -new -key "domainA".pem -out "domainA"csr.pem (send contents of domainAcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainA.csr. I set up an ssl server instance and point the certificate file data to domainA.csr and the key file data to domainB.key as created above and enter the passphrase I enter when creating the server key) (On my second server and IP address I set continue as follows) dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainB".pem openssl req -new -key "domainB".pem -out "domainB"csr.pem (send contents of domainBcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainB.csr. I set up an ssl server instance and point the certificate file data to domainB.csr and the key file data to domainB.key as created above in set B and enter the passphrase I enter when creating the second server key) Hard Restart After a hard restart I find I have to turn off the instances of the ssl servers, then start the service. Once the service is up I check the ssl services and choose "Don't Restart". They start up fine and I am happy. I would love to get around all this but since its a live server I haven't been able to play much. All done! On Mar 26, 2005, at 3:55 PM, Phil Herring wrote: > Hi Charles, > > I tried everything to make this work, then I finally asked the Thawte > support folks to email the cert to me, spec'd for W* and OSX. It then > worked perfectly with the usual W* setup. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
  2. Re: OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
  3. Re: OT: Thawte SSL on Mac OS X Server ( Bob Minor 2005)
  4. Re: OT: Thawte SSL on Mac OS X Server ( Phil Herring 2005)
  5. OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
The cert generation has to be right or you could have problems. I also have to start my ssl sites after my server starts up. thankfully I only have to restart on apples security updates. Here is what I did for my servers: (when you see "domainA" it means your domain name without the quotes) cd dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainA".pem cp "domainA".pem /etc/httpd/ssl.key/domainA.key openssl req -new -key "domainA".pem -out "domainA"csr.pem (send contents of domainAcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainA.csr. I set up an ssl server instance and point the certificate file data to domainA.csr and the key file data to domainB.key as created above and enter the passphrase I enter when creating the server key) (On my second server and IP address I set continue as follows) dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainB".pem openssl req -new -key "domainB".pem -out "domainB"csr.pem (send contents of domainBcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainB.csr. I set up an ssl server instance and point the certificate file data to domainB.csr and the key file data to domainB.key as created above in set B and enter the passphrase I enter when creating the second server key) Hard Restart After a hard restart I find I have to turn off the instances of the ssl servers, then start the service. Once the service is up I check the ssl services and choose "Don't Restart". They start up fine and I am happy. I would love to get around all this but since its a live server I haven't been able to play much. All done! On Mar 26, 2005, at 3:55 PM, Phil Herring wrote: > Hi Charles, > > I tried everything to make this work, then I finally asked the Thawte > support folks to email the cert to me, spec'd for W* and OSX. It then > worked perfectly with the usual W* setup. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Bob Minor

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Emailer help....! (1997) [format 40s]text[/format] doesn't work (1997) WC2b12: Yes, Formulas.db is for real (1997) Re:Emailer and encryption (1997) Bug Report, maybe (1997) Problems with [Applescript] (1997) Signal Raised Error (1997) Date Sorting (1997) dynamic giffing. (2000) File upload woes (1998) Header values are not accepted (1998) [WebDNA] [OT] economical reliable SSL certs? (2009) Strange error (2000) WebMerchant when CC network is down (1998) Moment of Thanks (1997) Initiating NewCart (1997) Multiple catalog databases and showcart (1997) WebCat2: Found Items syntax, etc. (1997) Where is eudora plugin? (1998) Showif, Hideif reverse logic ? (1997)