Hello Chris, I am glad it helps you it is indeed the note I have taken while doing this on one of my server few months ago. I saved it as a draft for a blog post but never took the time to polish it and document it properly.
The irony of it is that now it is so old in my memory that I can't write it without redoing it completely. I would appreciate if you could had some detailed information to complement the existing pieces : ----------8<-------------------------------- ====== ssl ====== Not the easiest thing on earth but not impossible. First of all this is a free process so you do not have any excuse for not allowing this on your web site if you require the user to login. startssl * http://arstechnica.com/security/news/2009/12/how-to-get-set-with-a-secure-sertificate-for-free.ars/1 * https://ziyan.info/2009/10/how-to-secure-your-website-using-ssl-for-free/ cherokee ====== The [ssl documentation for cherokee](http://www.cherokee-project.com/doc/cookbook_ssl.html) is not much useful for once. How to enable the SSL support? SSL support is not enabled by default. You will have to perform three straightforward actions is order to enable it: 1. The first step is to enable a TLS/SSL engine. The option is located in the General configuration setting. Cherokee is shipped with a libssl plug-in. 2. Once the engine is configured, a new binding port must be configured. By default, HTTPS uses the port 443. Remember to add this port, and to check the TLS toggle button. 3. The last step would be to assign SSL certificates to the virtual servers, starting with the default virtual server. Cherokee uses SNI to distinguish between virtual servers, the certificate specified in the default server will be used in the first negotiation. If not present, the startup sequence will fail. The configuration is found inside each virtual server configuration, under the Security tab. If 1 and 2 are relatively straight forward it took me a while to understand what exactly need to be done in the last step. The hard part is that you have to concatenate your certificate and the one from startssl certificates into a single file. in order to use them in cherokee. This is undocumented and I only find it out thanks to SmileyChris which went through this process few days before me. -----------8<------------------------------- On Mon, Jun 21, 2010 at 2:43 AM, Chris Malton <[email protected]> wrote: > On 20/06/2010 22:34, Stefan de Konink wrote: > > Op 20-06-10 23:26, Chris Malton schreef: > > > >> On 20/06/2010 22:24, Stefan de Konink wrote: > >> > >>> Some issues are being adressed (load issue is solved in SVN). But the > >>> time out issues is still open. Help from more devs would be nice. > >>> > >>> > >> Does this mean pages should load on SSL then? Because I'm not seeing > >> that with latest SVN (revision 5211). > >> > > They should... but some request 'mysteriously' time out. > > > > > > Stefan > > > Finally solved - Followed http://dpaste.com/209599/ to the letter and > catted a few certs together. Working flawlessly now. > > Thanks whoever posted that (I'd just left the channel). > > Chris > _______________________________________________ > Cherokee mailing list > [email protected] > http://lists.octality.com/listinfo/cherokee >
_______________________________________________ Cherokee mailing list [email protected] http://lists.octality.com/listinfo/cherokee
