Re: Installing new SSL Certificate and Intermediate CA

["Tenon Support" <support@xxxxxxxxxxxxxx>]

Ed,

We did not mean to neglect you!.  I thought someone else had answered.

I belive that an intermediate certificate is the same as a CA 
(Certificate Authority?) certificate.  It basically transmits some 
information about the signing authority.  People who use global fax 
or other less widely used authorities to get their certs will 
generally need to replace the ca-bundle.crt with the file from the 
signing authority.

Since the config files point to tenon/ssl/ca-certs/ca-bundle.crt, all 
you need to do is backup that file and replace it with the one from 
your signing authority.  If you are good with BBEdit, you can append 
yours to the bottom instead.

With out it,  a browser could report "unknown signing authority"  or 
some similar error.  Basically the intermediate cert ties the signing 
authority on your certificate to one the browser recognizes as 
secure????

TTS
--Eric

> Well, never mind. I just pasted in the new certificate into my
> (IP.address.crt) file, and it worked.
>
> Still wish I knew what was going on with the Intermediate CA thing, though.
>
> Does nobody else here use secure server? Not even anyone from Tenon? I see
> that Tenon Support just answered someone else's question, but not mine. Why
> is that?
>
> >  From: Ed Pastore <EPastore@xxxxxxxx>
> >  Reply-To: webten@xxxxxxxxxxxxxxx
> >  Date: Thu, 25 Apr 2002 11:24:24 -0400
> >  To: <webten@xxxxxxxxxxxxxxx>
> >  Subject: Re: Installing new SSL Certificate and Intermediate CA
> >
> >  But when I went to get my new cert from VeriSign, they said they have a new
> >  Intermediate CA, and I need to install that. Does anyone know where that
> >  goes?
> >
> >  I kinda know *what* it is... I believe an Intermediate CA is an extra amount
> >  of code that adds a layer of encryption to the certificate. Without it, I'm
> >  concerned that my new certificate may not work.... But I don't understand
> >  where it gores, and I don't want to go through a bunch of restarts on my
> >  live server to figure it out, if I can avoid it....
> >
> >  TIA!
> >
> > >  From: Terry Allen <hmag@xxxxxxxxxxxxxx>
> > >  Reply-To: webten@xxxxxxxxxxxxxxx
> > >  Date: Thu, 25 Apr 2002 08:45:05 +1000
> > >  To: webten@xxxxxxxxxxxxxxx
> > >  Subject: Re: Installing new SSL Certificate and Intermediate CA
> > >
> > > >  This seems so easy, but I'm not finding it in any manual. Please 
> > > > help if you
> > > >  can. I just ordered my renewal of my SSL Certificate from 
> > > > VeriSign. I think
> > > >  all I have to do is:
> > > >
> > > >  1. Paste it into the file named: (IP.address.crt) in my tenon/ssl/certs
> > > >  folder.
> > > >
> > > >  2. Then I have to make sure that file has Unix line breaks or 
> > > > (undocumented
> > > >  bug) it completely freezes the computer.
> > > >
> > > >  3? Then... what do I do with the intermediate CA? VeriSign says 
> > > > they have a
> > > >  new one and I have to install it. It is listed here:
> > > >  http://www.verisign.com/support/install/intermediate.html
> > > >
> > > >  In tenon/ssl/cacerts, I have two files:
> > > >  ca-bundle.crt
> > > >  gsid.crt
> > > >
> > > >  Does it go in one of these or something? And am I missing 
> > > > anything else? Is
> > > >  this documented somewhere? Any help would be appreciated.
> > > >
> > > >  P.S. VeriSign has Apache instructions,
> > > >  <http://www.verisign.com/support/install/apache/v00g.html>, but I presume
> > > >  WebTen is more automated than that....
> > >
> > >  Hi again,
> > >  I cant specifically answer your question, but after only just
> > >  getting a cert set up on my WebTen server, I just pasted the cert from the
> > >  Thawte generated page into a BBEdit page, then put it into the appropriate
> > >  spot in the WebTen/tenon/ssl directory & restarted - voila - worked.
> > >  I would assume that Verisign (being Thawte's parent company), do it
> > >  similarly - if they have already issued the new cert, I guess you just
> > >  replace the old with the new & it should work. On another list I am on,
> > >  someone mentioned that you simply insert your old cert into their renewal
> > >  screen & pay the renewal & you don't need to do anything else - they update
> > >  their details & you keep using the old one.
> > >
> > >
> > >  Bye for now, Terry Allen
> > >  ___________________________________________________________________
> > >  hEARd
> > >
> > >  Postal Address:
> > >  hEARd
> > >  c/o 128 The Entrance Rd
> > >  The Entrance
> > >  NSW    2261
> > >  Australia
> > >
> > >  Internet -
> > >  WWW:
> > >  http://heard.com.au or http://www.ozemail.com.au/~hmag
> > >  http://hosting.heard.com.au
> > >
> > >  Interactive Message Board - http://heard.com.au/wwwboard/
> > >
> > >  EMAIL: (checked every Thursday & Sunday, sometimes more often)
> > >  hmag@xxxxxxxxxxxxxx
> > >
> > >  -----------------------------------------------
> > >  Non profit promotion for new music - since 1994
> > >  -----------------------------------------------
> > >  Also, check out the Educate site - http://www.educate.net.au