Re: OT: Thawte SSL on Mac OS X Server

This WebDNA talk-list message is from

2005


It keeps the original formatting.
numero = 61575
interpreted = N
texte = The cert generation has to be right or you could have problems. I also have to start my ssl sites after my server starts up. thankfully I only have to restart on apples security updates. Here is what I did for my servers: (when you see "domainA" it means your domain name without the quotes) cd dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainA".pem cp "domainA".pem /etc/httpd/ssl.key/domainA.key openssl req -new -key "domainA".pem -out "domainA"csr.pem (send contents of domainAcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainA.csr. I set up an ssl server instance and point the certificate file data to domainA.csr and the key file data to domainB.key as created above and enter the passphrase I enter when creating the server key) (On my second server and IP address I set continue as follows) dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainB".pem openssl req -new -key "domainB".pem -out "domainB"csr.pem (send contents of domainBcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainB.csr. I set up an ssl server instance and point the certificate file data to domainB.csr and the key file data to domainB.key as created above in set B and enter the passphrase I enter when creating the second server key) Hard Restart After a hard restart I find I have to turn off the instances of the ssl servers, then start the service. Once the service is up I check the ssl services and choose "Don't Restart". They start up fine and I am happy. I would love to get around all this but since its a live server I haven't been able to play much. All done! On Mar 26, 2005, at 3:55 PM, Phil Herring wrote: > Hi Charles, > > I tried everything to make this work, then I finally asked the Thawte > support folks to email the cert to me, spec'd for W* and OSX. It then > worked perfectly with the usual W* setup. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
  2. Re: OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
  3. Re: OT: Thawte SSL on Mac OS X Server ( Bob Minor 2005)
  4. Re: OT: Thawte SSL on Mac OS X Server ( Phil Herring 2005)
  5. OT: Thawte SSL on Mac OS X Server ( charles kline 2005)
The cert generation has to be right or you could have problems. I also have to start my ssl sites after my server starts up. thankfully I only have to restart on apples security updates. Here is what I did for my servers: (when you see "domainA" it means your domain name without the quotes) cd dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainA".pem cp "domainA".pem /etc/httpd/ssl.key/domainA.key openssl req -new -key "domainA".pem -out "domainA"csr.pem (send contents of domainAcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainA.csr. I set up an ssl server instance and point the certificate file data to domainA.csr and the key file data to domainB.key as created above and enter the passphrase I enter when creating the server key) (On my second server and IP address I set continue as follows) dd if=/dev/randon of=rand.dat bs=1m count=1 openssl genrsa -rand rand.dat -des 1024 > "domainB".pem openssl req -new -key "domainB".pem -out "domainB"csr.pem (send contents of domainBcsr.pem to ca when I get the crt file back I place it in the ssl.crt folder naming it domainB.csr. I set up an ssl server instance and point the certificate file data to domainB.csr and the key file data to domainB.key as created above in set B and enter the passphrase I enter when creating the second server key) Hard Restart After a hard restart I find I have to turn off the instances of the ssl servers, then start the service. Once the service is up I check the ssl services and choose "Don't Restart". They start up fine and I am happy. I would love to get around all this but since its a live server I haven't been able to play much. All done! On Mar 26, 2005, at 3:55 PM, Phil Herring wrote: > Hi Charles, > > I tried everything to make this work, then I finally asked the Thawte > support folks to email the cert to me, spec'd for W* and OSX. It then > worked perfectly with the usual W* setup. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Bob Minor

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebCatalog f2 Installation (1997) Bug or syntax error on my part? (1997) Problems reading files created by WC (1997) anyone have an automated template encrypter? (2000) b12 cannot limit records returned and more. (1997) getchars broken? (1997) multiple databases (1997) Me know logical no need (2002) [format 40s]text[/format] doesn't work (1997) Listserver problem (1997) Caching [include] files ... (1997) RE: Languages (1997) sorry (1997) Couple of techno questions (1999) customizing the color of user's pages (1997) [LOOKUP] (1997) Date Help! (2003) WebCat2.0b15-to many nested [xx] tags (1997) requiredfields HELP!! (2001) Help with [LineItems] in [OrderFile] on ShoppingCart.tpl (2003)