Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: Kobus on August 19, 2009, 05:44:20 PM

Title: SSL Certificate help needed
Post by: Kobus on August 19, 2009, 05:44:20 PM

I recently started to look at getting a signed SSL cert installed, but none of the posts i found was able to answer my questions.

I bought a SSL cert from PositiveSSL that uses the Komodo system. They sent me a ZIP file with the following files:
domain.co.uk.ca-bundle and .crt

How do I need to proceed to get this ssl cert installed and working?

Thanks

Kobus

Title: Re: SSL Certificate help needed
Post by: Stefano on August 19, 2009, 07:50:31 PM

kobus, maybe this (http://forums.contribs.org/index.php/topic,37634.0.html) can help you..

Ciao
Stefano

Title: Re: SSL Certificate help needed
Post by: Kobus on August 21, 2009, 11:48:40 AM

Hi

I read through this and basically it says:
1 create CSR
2 get cert
3 create crt
4 do config setprop modSSL crt /home/e-smith/ssl.crt/{domain}.crt
5 config setprop modSSL key /home/e-smith/ssl.key/{domain}.key

then i first tried signal-event console-save
and after that signal-event post-upgrade
signal-event reboot

but it still says the site uses a unsigned cert.

The other question I have is how do i enable seperate certs for seperate domains on the same sme?

Thanks

Kobus

Title: Re: SSL Certificate help needed
Post by: CharlieBrady on August 21, 2009, 12:56:19 PM

Quote from: kbensch on August 21, 2009, 11:48:40 AM

but it still says the site uses a unsigned cert.

Did you put your new key and signed crt where you told SME it would be?

Quote

The other question I have is how do i enable seperate certs for seperate domains on the same sme?

As has been said here and elsewhere many times, it is not possible. The certificate is used to negotiate SSL before the server is told in the request what domain name is being requested.

Title: Re: SSL Certificate help needed
Post by: janet on August 21, 2009, 01:51:11 PM

kbensch

Quote

The other question I have is how do i enable seperate certs for seperate domains on the same sme?

When you follow this howto
http://wiki.contribs.org/Custom_CA_Certificate

you run this routine
./cacert_csr_request

which will include all the domains on your server, and the certificate generated will work OK for all those domains.

Title: Re: SSL Certificate help needed
Post by: Kobus on August 21, 2009, 09:56:12 PM

Quote from: CharlieBrady on August 21, 2009, 12:56:19 PM

Did you put your new key and signed crt where you told SME it would be?

Yes I did. I checked it twice.

Title: Re: SSL Certificate help needed
Post by: Kobus on August 21, 2009, 09:57:13 PM

Quote from: mary on August 21, 2009, 01:51:11 PM

kbensch

When you follow this howto
http://wiki.contribs.org/Custom_CA_Certificate

you run this routine
./cacert_csr_request

which will include all the domains on your server, and the certificate generated will work OK for all those domains.

Hi Mary

I did run this file and will check this when I get the first one sorted, i.e. the fact that it is not seeing the new cert.