Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: rsliberty on April 18, 2007, 11:53:58 PM

Title: Custom ssl.conf help
Post by: rsliberty on April 18, 2007, 11:53:58 PM

I am preparing to install an SSL certificate which will be purchased from Verisign.

After much searching on the topic, I can only find how to install the .key and .crt files using the "config setprop" commands.

But I cant seem to find a simular command for specifying a path to the root CA certificate which is required for the certifcates to work correctly.

So I assume I will need to make a custom template for ssl.conf file

I am unsure exactly how and where I should make this template,
could anyone shed some light on how to make a custom template for
/etc/httpd/conf.d/ssl.conf

Any help would be greatly appreciated.

Thank you.

Title: Re: Custom ssl.conf help
Post by: william_syd on April 19, 2007, 12:43:07 AM

Quote from: "rsliberty"

I am preparing to install an SSL certificate which will be purchased from Verisign.

After much searching on the topic, I can only find how to install the .key and .crt files using the "config setprop" commands.

But I cant seem to find a simular command for specifying a path to the root CA certificate which is required for the certifcates to work correctly.

Doesn't the root CA cert live on the client computer?

Isn't Verisign root certs installed on most machines by default ?

Title: Custom ssl.conf help
Post by: rsliberty on April 19, 2007, 12:50:53 AM

This will be the first time I have installed an SSL on esmith.

Previous ones have been installed on mandrake/mandriva boxes and I have had to provide the following line for succesful implementation :

SSLCACertificateFile /path/to/intermediate.crt

So if the need arises, I am wanting to know how to make the custom-template for ssl.conf so I can set this line on esmith also.

Thanks for your reply!

Title: Custom ssl.conf help
Post by: william_syd on April 19, 2007, 08:14:40 AM

Thats a intermediate cert not a root cert or maybe a server cert in your case.

Does this help ?

http://bugs.contribs.org/show_bug.cgi?id=1779


What exactly do you have?

Server Cert?
Server Key?
Intermediate Cert?

On SME, the following modSSL properties correspond to the above...

crt
key
CertificateChainFile

Set them with....

config setprop modSSL crt /path/to/cert
config setprop modSSL key /path/to/key
config serprop modSSL CertificateChainFile /path/to/ccf  

expand-template /etc/httpd/conf/httpd.conf

/etc/rc7.d/S86httpd-admin restart
/etc/rc7.d/S86httpd-e-smith restart

Title: Re: Custom ssl.conf help
Post by: rlaperu2 on October 31, 2007, 04:55:50 PM

Run for you ?????

What was the solution ????? I also buy SSL to Verisign, I can not install

Title: Re: Custom ssl.conf help
Post by: edb on November 01, 2007, 02:16:32 AM

I created a separate CA directory under the ssl.crt & ssl.key folders then I renamed the key & crt files according to my config and put the files in the CA folder.

Then issue the commands:

/sbin/e-smith/config setprop modSSL crt /home/e-smith/ssl.crt/ca/servername.domain.ca.crt
/sbin/e-smith/config setprop modSSL key /home/e-smith/ssl.key/ca/servername.domain.ca.key
signal-event post-upgrade; signal-event reboot


Without the signal-event commands it won't be permanent!

edb