Did a leap of faith and tried merging the three certificates into one file, no success:
http://www.digicert.com/ssl-support/pem-ssl-creation.htm On Tue, Jan 29, 2013 at 6:29 PM, Rudy Matela <r...@matela.com.br> wrote: > Hello, > > I'm using Kannel for a while. And I'd like to activate ssl for it. > > I have a certificate that works well for my apache web server. It is > made by 3 files configured on Apache as follows: > > SSLCertificateFile mycertificatefile.crt > SSLCertificateKeyFile myprivatekey.key > SSLCertificateChainFile myintermediate.ca.pem > SSLCACertificateFile myca.pem > > As you can see, to make it work, I had to add an intermediate > certificate chain file. And a CA certificate file. There is no option > for that on Kannel. Is there a way to add that? Maybe put the contents > of myca and myintermediate inside mycertificate. Has anyone tried > that? > > My wget works my website: > > wget https://example.com > > but it does not work on kannel: > > wget https://example.com:13013/send-sms > --2013-01-29 18:12:41-- https://example.com:13013/send-sms > Resolving example.com (example.com)... 127.0.0.1 > Connecting to example.com (example.com)|127.0.0.1|:13013... connected. > ERROR: cannot verify example.com's certificate, issued by > ‘/C=IL/O=SomeIssuer Ltd. Primary Intermediate Server CA’: > Unable to locally verify the issuer's authority. > To connect to example.com insecurely, use `--no-check-certificate'. > > Regards, > Rudy > > PS: > I've already configured my keys and HTTP access. > > group = core > ssl-server-key-file = "/etc/ssl/private/mycertificate.crt" > ssl-server-cert-file = "/etc/ssl/certs/myprivatekey.crt" > admin-port-ssl = true > > group = smsbox > sendsms-port-ssl = true > > Also, my web browser already recognizes the keys without the need to > configure the Intermediate Server CA (since it trusts the authority of > the issues). Wget (and a bunch of other client libs) do not, and > expect the web server to respond indicating a intermediate server CA. > > PS2: > > Did some research already but found nothing here in the list. > > Regards, > Rudy
