Re: OT: Thawte SSL on Mac OS X Server

This WebDNA talk-list message is from

2005


It keeps the original formatting.
numero = 61575
interpreted = N
texte = The cert generation has to be right or you could have problems. I also have to start my ssl sites after my server starts up. thankfully I only have to restart on apples security updates. Here is what I did for my servers: (when you see "domainA" it means your domain name without the quotes) cd dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainA".pem cp "domainA".pem /etc/httpd/ssl.key/domainA.key openssl req -new -key "domainA".pem -out "domainA"csr.pem (send contents of domainAcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainA.csr. I set up an ssl server instance and point the certificate file data to domainA.csr and the key file data to domainB.key as created above and enter the passphrase I enter when creating the server key) (On my second server and IP address I set continue as follows) dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainB".pem openssl req -new -key "domainB".pem -out "domainB"csr.pem (send contents of domainBcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainB.csr. I set up an ssl server instance and point the certificate file data to domainB.csr and the key file data to domainB.key as created above in set B and enter the passphrase I enter when creating the second server key) Hard Restart After a hard restart I find I have to turn off the instances of the ssl servers, then start the service. Once the service is up I check the ssl services and choose "Don't Restart". They start up fine and I am happy. I would love to get around all this but since its a live server I haven't been able to play much. All done! On Mar 26, 2005, at 3:55 PM, Phil Herring wrote: > Hi Charles, > > I tried everything to make this work, then I finally asked the Thawte > support folks to email the cert to me, spec'd for W* and OSX. It then > worked perfectly with the usual W* setup. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
  2. Re: OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
  3. Re: OT: Thawte SSL on Mac OS X Server ( Bob Minor 2005)
  4. Re: OT: Thawte SSL on Mac OS X Server ( Phil Herring 2005)
  5. OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
The cert generation has to be right or you could have problems. I also have to start my ssl sites after my server starts up. thankfully I only have to restart on apples security updates. Here is what I did for my servers: (when you see "domainA" it means your domain name without the quotes) cd dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainA".pem cp "domainA".pem /etc/httpd/ssl.key/domainA.key openssl req -new -key "domainA".pem -out "domainA"csr.pem (send contents of domainAcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainA.csr. I set up an ssl server instance and point the certificate file data to domainA.csr and the key file data to domainB.key as created above and enter the passphrase I enter when creating the server key) (On my second server and IP address I set continue as follows) dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainB".pem openssl req -new -key "domainB".pem -out "domainB"csr.pem (send contents of domainBcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainB.csr. I set up an ssl server instance and point the certificate file data to domainB.csr and the key file data to domainB.key as created above in set B and enter the passphrase I enter when creating the second server key) Hard Restart After a hard restart I find I have to turn off the instances of the ssl servers, then start the service. Once the service is up I check the ssl services and choose "Don't Restart". They start up fine and I am happy. I would love to get around all this but since its a live server I haven't been able to play much. All done! On Mar 26, 2005, at 3:55 PM, Phil Herring wrote: > Hi Charles, > > I tried everything to make this work, then I finally asked the Thawte > support folks to email the cert to me, spec'd for W* and OSX. It then > worked perfectly with the usual W* setup. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Bob Minor

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

To Do list (2003) Image Sizes (2003) Re(2): Re(2): SSL, WebSTAR, WebCatalog (1998) WebCatalog 2.0 & WebDNA docs in HTML ... (1997) WebMerchant 1.6 and SHTML (1997) [trim]?! (2004) [OT] Robust order processing (2003) NT [delete] (1998) Convert Chars Issue? (2000) [WebDNA] JSON parsing (2010) Custom WebCat Prefs ... (1997) raw=T is broken in [include] (1997) Email Spam a bit of Hell (2004) Signal Raised Error (Part III) (1997) update on include (1997) WCS Newbie question (1997) RE: Missing contexts on NT (1997) Orders w/in [sendmail] (1998) docs for WebCatalog2 (1997) Frames and WebCat (1997)