Chris Buechler wrote:
On Thu, Jan 21, 2010 at 3:20 PM, Tancinco, Jon <[email protected]> wrote:
Hello.
I’d appreciate any help in getting GoDaddy wildcard certificates for Captive
Portal SSL Authentication page configured correctly for IE and Safari
browsers. I have entered the certificate and private key from the pem file
from GoDaddy.
Currently, the authentication page loads fine on Firefox – maybe a bit
slow. No SSL errors.
On Safari, the authentication page comes up with “can’t verify the identity
of the website”.
Using IE, I get the following “There is a problem with this website’s
security certificate.” error.
That's a problem with the cert. That means the CA that signed your
cert isn't trusted by those browsers. That's what you get at times
with cut rate CAs like Godaddy, though that's where we get our certs
and I haven't seen any such issues on ours, I have on other certs I've
gotten from Godaddy in the past. I would contact them and complain,
any cert you pay for should be recognized by all the major browsers.
We have a partnership with Network Solutions for certs from them and for
websites, there is a way to include intermediate CA certs to make the
certs from NetSol valid for all browsers.
SSLCertificateFile /etc/httpd/conf/ssl/<name of cert file>.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/<name of key>.key
SSLCertificateChainFile /etc/httpd/conf/ssl/inter_ca.crt
This last file is what does the magic for a webserver running Apache.
I don't know all the ins and outs of this, but this last file is the one
that completes the chain from the site cert to the CA certs. I would
bet there is something like that available for the GoDaddy certs, but if
pfSense has a way to include that I don't know.
Here's the link to NetSol's docs on this issue:
http://www.networksolutions.com/support/installing-ssl-certificate-topics/
(click on the big green plus symbol on this screen)
Here's a link at GoDaddy on their intermediate CA certs:
http://help.godaddy.com/article/869
Lyle Giese
LCR Computer Services, Inc.
