Hello, On Wed, Dec 16, 2009 at 5:40 PM, Jiang Le <[email protected]> wrote:
> I was installing startssl cert on cherokee webserver. There are only > two fields in ssl section of cherokee's virtual host setting, > Certificate and Certificate Key. And can not find a place to set > SSLCertificateChainFile and SSLCACertificateFile. After I filled the > two fields and restart the server, everything is ok with safari but > firefox will popup a error. My os is ubuntu 9.04 64bit, my cherokee > web server is 0.99.34. I was told to install ca chain certificate. But > can find a place to set it up in cherokee. You have to append "sub.class1.server.ca.pem" to your Certficaficate (ssl.crt). Something like this: ========= $ cat sub.class1.server.ca.pem ssl.crt > ssl_chained.crt ========= And then, use "ssl_chained.crt" as Certificate on Cherokee. CA Certificate (ca.pem) is only needed when you want to accept or require user certificates. This file must contain certificates of the CAs whose clients you deal with. If that is your case, then select "Accept" or "Require" under "Advanced Options->Client Certs. Request" and enter the path to that file in "CA List" entry. You need to install the CA certificate (ca.pem) as trusted in your browsers as well. Hope this helps... ;) Extra bonus: Here is an example of chained certificates: http://code.google.com/p/cherokee/issues/detail?id=360&can=1&q=ssl#c17 -- Saludos: Antonio Pérez _______________________________________________ Cherokee mailing list [email protected] http://lists.octality.com/listinfo/cherokee
