> > William Moore wrote: > > > > > I just bought a 128bit certificate from Geotrust ( formerly equifax ) > > > the thing installed fine, no problems but when you go to the > > site that is > > > protected > > > by it, a popup comes up telling you the cert is self signed > ?? Also no > > > where on the cert does it tell you that it is by geortrust > > > > > > is this a problem with the cert I bought or did I do something wrong ?
I did an update for this whilst I was still at Cobalt but it didn't get through to being released for some reason, anyway I have now updated it and released it through www.CobaltWorld.com under pkgfactory downloads RaQ4 Basically it now includes the certificate bundle from IE6 found on the openssl site (like it or not a large proportion of web users use IE in some form and they probably have the most complete CA bundle) the pkg copies and installs the bundle and then removes a # from httpd.conf - every step is backed up and the uninstall in /var/lib/cobalt/uninstallers works cleanly. I am fairly sure this will solve the Geotrust cert problem as well as Entrust, Equifax and many others, Cobalt by default only accepts Thawte and Verisign. If you want to do this manually then follow the steps below Copy a ca-bundle.crt file or the server cert supplied by your Authority to /etc/http/conf and name it as ca-bundle Edit httpd.conf and find #SSL uncomment and save Restart httpd with /etc/rc.d/init.d/httpd restart or /etc/rc.d/init.d/httpd reload which is cleaner to users I'm told but I'm not sure if it is enough for this process. Now you can enter your site certificate in the UI as normal and it should get recognized if any one finds certs that don't using this method or my pkg then please mail me at [EMAIL PROTECTED] and I will look into it further. This has not been tested on a RaQ3 I need to build a box up later to check, I believe it is similar but I don't think it is the same. If anyone has a new XTR and can do a quick search in httpd.conf for #SSL and let me know I will do a pkg for them as well. Hope this helps Gavin _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers
