Thanks, Eric, and sorry if I sounded miffed... it's been a long day.
I installed the new certificate and looked at it on a Netscape 6 client, and
it all seems to be working OK. Kinda. It sows that Verisign is the signer,
but then when I click on the certificate from there, it says that it can't
verify it. However, it said that before I installed the new certificate too,
so I don't know if this is a real problem.
But you've answered my question... it's the ca-bundle.crt file. I just
replaced that, and it seems to be working. Still getting that verification
thing, though, but only with Netscape 6. Netscape 4.7 says it's OK.
If you want to try it, go to https://www.ascp.com/secure/membership/renew/
in Netscape 6 and click on the lock icon in the lower-right corner of the
window. In the resulting window, click the View button. This tells me it
could not verify.
In any event... Thanks!
> From: "Tenon Support" <support@xxxxxxxxxxxxxx>
> Reply-To: webten@xxxxxxxxxxxxxxx
> Date: Thu, 25 Apr 2002 14:08:25 -0700
> To: webten@xxxxxxxxxxxxxxx
> Subject: Re: Installing new SSL Certificate and Intermediate CA
>
> Ed,
>
> We did not mean to neglect you!. I thought someone else had answered.
>
> I belive that an intermediate certificate is the same as a CA
> (Certificate Authority?) certificate. It basically transmits some
> information about the signing authority. People who use global fax
> or other less widely used authorities to get their certs will
> generally need to replace the ca-bundle.crt with the file from the
> signing authority.
>
> Since the config files point to tenon/ssl/ca-certs/ca-bundle.crt, all
> you need to do is backup that file and replace it with the one from
> your signing authority. If you are good with BBEdit, you can append
> yours to the bottom instead.
>
> With out it, a browser could report "unknown signing authority" or
> some similar error. Basically the intermediate cert ties the signing
> authority on your certificate to one the browser recognizes as
> secure????
>
> TTS
> --Eric
>
>> Well, never mind. I just pasted in the new certificate into my
>> (IP.address.crt) file, and it worked.
>>
>> Still wish I knew what was going on with the Intermediate CA thing, though.
>>
>> Does nobody else here use secure server? Not even anyone from Tenon? I see
>> that Tenon Support just answered someone else's question, but not mine. Why
>> is that?
>>
>>> From: Ed Pastore <EPastore@xxxxxxxx>
>>> Reply-To: webten@xxxxxxxxxxxxxxx
>>> Date: Thu, 25 Apr 2002 11:24:24 -0400
>>> To: <webten@xxxxxxxxxxxxxxx>
>>> Subject: Re: Installing new SSL Certificate and Intermediate CA
>>>
>>> But when I went to get my new cert from VeriSign, they said they have a new
>>> Intermediate CA, and I need to install that. Does anyone know where that
>>> goes?
>>>
>>> I kinda know *what* it is... I believe an Intermediate CA is an
>> extra amount
>>> of code that adds a layer of encryption to the certificate. Without it, I'm
>>> concerned that my new certificate may not work.... But I don't understand
>>> where it gores, and I don't want to go through a bunch of restarts on my
>>> live server to figure it out, if I can avoid it....
>>>
>>> TIA!
>>>
>>>> From: Terry Allen <hmag@xxxxxxxxxxxxxx>
>>>> Reply-To: webten@xxxxxxxxxxxxxxx
>>>> Date: Thu, 25 Apr 2002 08:45:05 +1000
>>>> To: webten@xxxxxxxxxxxxxxx
>>>> Subject: Re: Installing new SSL Certificate and Intermediate CA
>>>>
>>>>> This seems so easy, but I'm not finding it in any manual.
>> Please help if you
>>>>> can. I just ordered my renewal of my SSL Certificate from
>> VeriSign. I think
>>>>> all I have to do is:
>>>>>
>>>>> 1. Paste it into the file named: (IP.address.crt) in my tenon/ssl/certs
>>>>> folder.
>>>>>
>>>>> 2. Then I have to make sure that file has Unix line breaks or
>> (undocumented
>>>>> bug) it completely freezes the computer.
>>>>>
>>>>> 3? Then... what do I do with the intermediate CA? VeriSign says
>> they have a
>>>>> new one and I have to install it. It is listed here:
>>>>> http://www.verisign.com/support/install/intermediate.html
>>>>>
>>>>> In tenon/ssl/cacerts, I have two files:
>>>>> ca-bundle.crt
>>>>> gsid.crt
>>>>>
>>>>> Does it go in one of these or something? And am I missing
>> anything else? Is
>>>>> this documented somewhere? Any help would be appreciated.
>>>>>
>>>>> P.S. VeriSign has Apache instructions,
>>>>> <http://www.verisign.com/support/install/apache/v00g.html>, but I presume
>>>>> WebTen is more automated than that....
>>>>
>>>> Hi again,
>>>> I cant specifically answer your question, but after only just
>>>> getting a cert set up on my WebTen server, I just pasted the cert from the
>>>> Thawte generated page into a BBEdit page, then put it into the appropriate
>>>> spot in the WebTen/tenon/ssl directory & restarted - voila - worked.
>>>> I would assume that Verisign (being Thawte's parent company), do it
>>>> similarly - if they have already issued the new cert, I guess you just
>>>> replace the old with the new & it should work. On another list I am on,
>>>> someone mentioned that you simply insert your old cert into their renewal
>>>> screen & pay the renewal & you don't need to do anything else -
>> they update
>>>> their details & you keep using the old one.
>>>>
>>>>
>>>> Bye for now, Terry Allen
>>>> ___________________________________________________________________
>>>> hEARd
>>>>
>>>> Postal Address:
>>>> hEARd
>>>> c/o 128 The Entrance Rd
>>>> The Entrance
>>>> NSW 2261
>>>> Australia
>>>>
>>>> Internet -
>>>> WWW:
>>>> http://heard.com.au or http://www.ozemail.com.au/~hmag
>>>> http://hosting.heard.com.au
>>>>
>>>> Interactive Message Board - http://heard.com.au/wwwboard/
>>>>
>>>> EMAIL: (checked every Thursday & Sunday, sometimes more often)
>>>> hmag@xxxxxxxxxxxxxx
>>>>
>>>> -----------------------------------------------
>>>> Non profit promotion for new music - since 1994
>>>> -----------------------------------------------
>>>> Also, check out the Educate site - http://www.educate.net.au
>>>>
>>>>
>>>>
>>>
>>>
>
>
|
