Also note that when adding the certifcate chain to the CERTIFICATE_FILENAME_LIST option in run-config.sh, the order of the certificates in the chain is relevant! So, the first value of CERTIFICATE_FILENAME_LIST needs to be your certificate. The second needs to be the CA's certificate that signed your certificate, the third needs to be the CA's certificate that signed the previous CA's certificate, and so on.. I had this as the value of CERTIFICATE_FILENAME_LIST:
CERTIFICATE_FILENAME_LIST=/opt/certs/cert-573-wave.surfnetlabs.nl.pem,/ opt/certs/3.pem,/opt/certs/2.pem,/opt/certs/1.pem Note that you could also put the complete CA chain into one file, but the order of the certificates in this chain file is important so make sure the most specific CA certificate is at the top of this file.. Regards, Peter Clijsters On Nov 3, 7:29 am, James Purser <[email protected]> wrote: > On Mon, 2009-11-02 at 22:40 -0600, Matt Richards wrote: > > On a similar note, I think I'm missing something more basic for my > > cacert.org certs to work.. > > Okay, I'm going to re-write the cert how to on wavingtheshiny, however > here it is in a nutshell. > > - Generate a private key > - Use the private key to generate a Certificate Request > - Sign up with Startssl > - Submit the Certificate Request to Startssl to generate your new > certificate > - Once the certificate has been generated copy the text and put into a > new text file something like wave_cert.crt. > - Download the intermediate certificate from Startssl (you can find them > through the control panel). You will most likely need Class 1 Server > Intermediate Certificate > - Set up run-config in the following way: > > PRIVATE_KEY_FILENAME=wave_cert.key (this is the private key we generated > at the start). > CERTIFICATE_FILENAME_LIST=wave_cert.crt,sub.class1.server.ca.pem > > This will create a chained certificate. If all goes well your server > should start up without complaint. > -- > James Purser > Collaborynthhttp://collaborynth.com.au > Mob: +61 406 576 553 > Skype: purserj1977 > Twitter:http://twitter.com/purserj --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en -~----------~----~----~----~------~----~------~--~---
