Topic: Third party ssl certificate

[aschewin]

Hi all,

I read through the forums and saw that it is not possible to install or modify the SSL certificate for a virtual domain on e-smith , so I need to look at the next best thing...Can I buy a third party (say verisign) certificate and install in on e-smith?

Thanks,

[Patrick Hickey]

Sure, you can install a third party SSL Cert.

What you must know is that for "personal" use you may find it difficult to "authenticate" with the root servers. The Cert folks generally require proof of running a business, etc to qualify for an authentic server cert.

The individual needs to provide tons of material and one item which usualy stops the individual user is the Business License or Proof of Business Name, etc.

regards,

patrick

[Andrei]

Ok but is the process of installing the cert simple?

[saul]

Actually, that is why I need the cert, otherwise I wouldn't care, but it is indeed for a business and the owner did not like being told that the certificate being shown belonged to another domain(his real domain), so he wants to get rid of it ASAP. So how easy is it to install? The place I looked at has linux instructions, but not for E-smith (which rocks!).

Here is the place I want to use : http://www.instantssl.com/products/instantssl_pro.html

[Charlie Brady]

aschewin wrote:

> I read through the forums and saw that it is not possible to
> install or modify the SSL certificate for a virtual domain on
> e-smith , so I need to look at the next best thing...Can
> I buy a third party (say verisign) certificate and install in
> on e-smith?

If you manage to get such a certificate, you can configure Apache to use your new certificate by doing:

/sbin/e-smith/config setprop modSSL crt /path/to/your/cert
/sbin/e-smith/config setprop modSSL key /path/to/your/key
/sbin/e-smith/signal-event ldap-update

You will still have the same certificate no matter what virtual domain is accessed.

Charlie

[Charlie Brady]

saul wrote:

> Actually, that is why I need the cert, otherwise I wouldn't
> care, but it is indeed for a business and the owner did not
> like being told that the certificate being shown belonged to
> another domain(his real domain), so he wants to get rid of it
> ASAP.

But what about his "real domain"? That will use the same certificate. If you "fix" the virtual domain, you will "break" the real domain.

Charlie

[aschewin]

His real domain will just be used for general info about his business and how to contact him or sales, his website will sell all the stuff. Thank you for the info on how to install the certificate!

[aschewin]

>If you manage to get such a certificate, you can configure Apache to use your >new certificate by doing:

>/sbin/e-smith/config setprop modSSL crt /path/to/your/cert
>/sbin/e-smith/config setprop modSSL key /path/to/your/key
>/sbin/e-smith/signal-event ldap-update

>You will still have the same certificate no matter what virtual domain is accessed.

>Charlie

Charlie going along this line of thinking, I know I can create the scr using:
openssl req –new –nodes -keyout myserver.key –out server.csr.

So I enter the domain name for the virtual domain. Can I use that for it? At least it would remove the "does not match domain" error. If so, where can I get a guide for installing the new cert using www.virtualdomain1.com??

Thanks.