Article 8358 at 06/12/28 07:09:45 From: kenmarcus (at mark) precisionweb.net Subject: [coba-e:08358] Re: SSL Problems

Index: [Article Count Order] [Thread]
Date:  Wed, 27 Dec 2006 13:49:37 -0800
From:  "Ken Marcus - Precision Web Hosting, Inc." <kenmarcus (at mark) precisionweb.net>
Subject:  [coba-e:08358] Re: SSL Problems
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <00d501c72a00$e9edf080$6700a8c0@OfficeKen>
References:  <005801c729a9$004d3460$6600a8c0 (at mark) hundredacrewood.willspc.net>
X-Mail-Count: 08358


----- Original Message ----- 
From: "Will Nordmeyer" <will (at mark) willspc.net>
To: <coba-e (at mark) bluequartz.org>
Sent: Wednesday, December 27, 2006 3:20 AM
Subject: [coba-e:08352] SSL Problems


> I've got most of my sites switched over from a Cobalt RaQ4, but am having
> difficulties with SSL.
>
> 1)       I found that, apparently, Bluequartz & IE don't get along, so I
> can't do much of my SSL Certificate requirements with IE.  Are there plans
> to evaluate that issue and come up with a resolution (I have my server in 
> my
> trusted sites and have turned off all pop up blockers with regards to my
> domain)?
>
> 2)       I transferred a site with SSL enabled and it appeared to transfer
> the certificates, but when I go to the site in SSL Mode (it is still a
> placeholder site, so the old Cobalt 4 graphics don't come up) it gives me
> certificate errors and doesn't appear to properly have the dependent
> certificates loading (from directnic).
>
> I have the DirectNic certificates files in /home/httpd/conf/ssl.crt and
> have added the following section to httpd.conf:  I was following this 
> guide
> (for Raq3/raq4/XRT). and grabbed the SSL area of httpd.conf from my other
> cobalt server (ns1.wnahosting.com)
> https://secure.directnic.com/help/guides/index.php?guide_id=7#200
>
>
> <IfModule mod_ssl.c>
> SSLSessionCache         dbm:/var/log/httpd/ssl_scache
> SSLSessionCacheTimeout  300
> SSLMutex                file:/var/log/httpd/ssl_mutex
> SSLRandomSeed startup   file:/dev/urandom 512
> SSLRandomSeed connect   builtin
>
> # Location of a secondary signing authority certificate. Uncomment and 
> edit
> # the location if necessary if you install a secondary certificate.
> SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.txt
> SSLCertificateChainFile /etc/httpd/conf/ssl.crt/sf_issuing.crt
> </IfModule>
>
>
> When I restart httpd, I get these errors and am not sure where the 
> improper
> certificate got loaded (ns1.myservername.com is my old servername):
>
>
> [Tue Dec 26 18:34:07 2006] [warn] RSA server certificate CommonName (CN)
> `ns1.myservername.com' does NOT match server name!?
> [Tue Dec 26 18:34:08 2006] [notice] Digest: generating secret for digest
> authentication ...
> [Tue Dec 26 18:34:08 2006] [notice] Digest: done
> [Tue Dec 26 18:34:08 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Tue Dec 26 18:34:08 2006] [notice] LDAP: SSL support unavailable
> [Tue Dec 26 18:34:10 2006] [warn] RSA server certificate CommonName (CN)
> `ns1.myservername.com' does NOT match server name!?
> [Tue Dec 26 18:34:10 2006] [notice] Apache/2.0.52 (BlueQuartz) 
> configured --
> resuming normal operations
>
>
> Can you provide me with any assistance?
>
> --Will
>


For managing the certs, I use FireFox as IE will not pop up the CSR window.

And after migrating, I normally re-order and re-install the certs.



----
Ken Marcus
Precision Web Hosting, Inc.
http://www.precisionweb.net