Topic: install certificate following HOWTO

[BlueLake]

I have followed the instructions (and searched forums for answers) using the HOWTO by Dietmar Berteld on installing a certificate. On the line /etc/e-smith/templates-custom/home/e-smith/ssl.crt I get line 25 syntax error near unexpected token '(' removing this and its companion and repeating the process I then get a line 37 syntax error 'C' ....there may be others but this is as far as I dare go. Have I missed a command out somewhere!!. There is no mention of anything above this. or do I need to add something to the /etc/e-smith....line???

[CharlieBrady]

I have followed the instructions (and searched forums for answers) using the HOWTO by Dietmar Berteld on installing a certificate.

What is the URL of that howto?

On the line /etc/e-smith/templates-custom/home/e-smith/ssl.crt I get line 25 syntax error near unexpected token '(' removing this and its companion and repeating the process I then get a line 37 syntax error 'C' ....

You don't need any custom templates to deploy a third party SSL certificate. I

[CharlieBrady]

What is the URL of that howto?

I guess you mean:

http://wiki.contribs.org/Certificate

You don't need any custom templates to deploy a third party SSL certificate. I

See the section headed "Custom Certificate for SME 7.1.3 and above". That's all you need to do (delete your custom template). The rest of the HOWTO should just be deleted - it's obsolete (7.1.3 was a long time ago now).

[BlueLake]

Hi

I guess you mean the following HOWTO http://wiki.contribs.org/Custom_CA_Certificate which looks extreemly complicated...!

[BlueLake]

Hi again

Yes! I see the section you refered to...so thats all I need to do? those five lines of commands after deleting the the last HOWTO.

[Laager]

I have followed the instructions (and searched forums for answers) using the HOWTO by Dietmar Berteld on installing a certificate. On the line /etc/e-smith/templates-custom/home/e-smith/ssl.crt I get line 25 syntax error near unexpected token '(' removing this and its companion and repeating the process I then get a line 37 syntax error 'C' ....there may be others but this is as far as I dare go. Have I missed a command out somewhere!!. There is no mention of anything above this. or do I need to add something to the /etc/e-smith....line???

Have a look at what I did:

http://forums.contribs.org/index.php/topic,44321.0.html

[BlueLake]

Hi Laager and thanks for the reply...

I guess what I am really after is the padlock icon when someone goes to a secure site. I am setting up an ecommerce web site for my wifes business (bed and breakfast) and need to assure customers the site is valid, for obvious reasons. But from what I have read in this forum and via Google pages I think its going to cost money. I did read your post and it seems you had a similar problem. Would signing my own certificate count as secure. Surely every SCAM site does this? - hence the cost involved in bona-fida certificates. If there is a solution (without to much cost involved) I would love to know it.

[piran]

Your SME is secure and a self-signed certificate is 'OK'.
Glibly: to be perceived as 'secure' your average visitor's
browser has be assured by an apparently trustworthy
path of apparently authorised signatories. The latter
can only be deemed thus by, for instance, topping up
M$ coffers, Yes, that secure trust can be purchased...
These people then charge out that implied trust by
letting you use their virtual key, the one that M$
now includes in its trust path not because they
are particularly trustworthy but because M$ has
been paid;~) So, trust is what you make of it and
usually this costs. Any other path always results in
an inferior 'customer experience' ie they are forced
to see really off-putting messages or having to
apparently 'trust' blindly. It's a can of worms that
is tightly controlled by finances. If you want in then
you have to cough up. If you don't then you have
to accept that your customers will see quite scary
messages. The 'trust' isn't trust, it just means
you can afford the ante to be perceived thus.
Only way around the cartel is for, somehow, an
Open Source type of trust authority to make first
base and beyond with the fee-accepting majors...
It might happen. Then again it might not.
OTOH would you 'trust' a free certificate;~)

[BlueLake]

Yes I take your point. Having made a quiet a good living as a programmer for Microsoft I do not feel I want to give it all back. There must be a good gap in the market for a "Trusted" open source certificate.

[piran]

Yes I take your point. ... There must be a good gap in the market for a "Trusted" open source certificate.

...but when. And I can't see it happening for B&B's
and other small businesses like a lot of us represent;~/

[janet]

BlueLake

There must be a good gap in the market for a "Trusted" open source certificate.
[/quote]

http://wiki.contribs.org/Custom_CA_Certificate

[cactus]

There must be a good gap in the market for a "Trusted" open source certificate.

There is... and it is long since been filled, have a look at http://www.cacert.org/.

[piran]

There is... and it is long since been filled, have a look at http://www.cacert.org/.

Not filled. No more than partially addressed.
Last time I looked into their offering I couldn't get more
than 6mths, was physically located absolutely nowhere
near anybody with any transferable trust, still had to
explain to my mystified customers why they were being
'forced' to accept a root trust (beforehand) and still had
scary messages with which to contend. It still costs to
get transparent 'trust', the sort everyone expects
nowadays in commercial/ecommerce situations.
Then there's the knotty issue of only one cert per SME
with respect to (open or commercial) certs. And Cacert
had great trouble with servername.mydomain.com and
plain old mydomain.com that was preferable for the site.
So "filled"... no, not yet.

[PostEdit: amended 'SSL' to 'cert']

[BlueLake]

Well said Cactus...so what would it take to establish a recognised authority that could guarantee a certificate for small business. This is the market gap, and one that could represent a big percentage of the people who actually need the padlock symbol on their sites without having to take out a second mortgauge to the large corporations that dictate how we should all behave on the web. Surely this could be overcome with some very serious thought and some dedicated proffesionals....You have my attention.

[CharlieBrady]

so what would it take to establish a recognised authority that could guarantee a certificate for small business.

A hell of a lot of market clout. So lots of time and money. I don't think anyone here is going to get that task done.