Petur Kirke wrote on Thu 12 Mar 2009 at 15:17 +0000:
Does this look ok or not:
SSLCertificateFile /fred.crt
SSLCertificateKeyFile /verisign.key
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
SSLCACertificateFile /verisign.crt
This is not OK. In this configuration your client certificates must be
signed by Verisign.
If you don't care about certificates, put this there:
# SSL configuration
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLVerifyClient require
SSLCertificateFile /usr/share/fred-mod-eppd/ssl/test-cert.pem
SSLCertificateKeyFile /usr/share/fred-mod-eppd/ssl/test-key.pem
SSLCACertificateFile /usr/share/fred-mod-eppd/ssl/test-cert.pem
Provided that you installed fred-mod-eppd-2.1.0 by the combination
configure
make
make install
Otherwise unpack this certificate from the packages, put it somewhere and
update the path in the SSL* options.
test-[cert,key] is a self-signed certificate with a long (10 years)
validity. It can be used as a CA certificate and also as a client
certificate (it's self-signed). The default installation of fred-client is
packed with this certificate.
Regards,
Jaromir
________________________________________
From: fred-users-bounces(a)lists.nic.cz [fred-users-bounces(a)lists.nic.cz] On behalf of
Vitezslav Novy [vnovy(a)vnovy.net]
Sent: 12 March 2009 14:03
To: fred-users(a)lists.nic.cz
Subject: Re: certificate
Petur Kirke wrote:
I tried to install a new certificate, but this
gives me this error:
ERROR: socket.sslerror: (1, 'error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca') (localhost:700)
Certificate not signed by verified certificate authority.
Any certificate specialist there ? :)
Is the new certificate signed by the same CA certificate as the old one?
If not, did you change the certificate in the file pointed to by the Apache
directive SSLCACertificateFile ??
v.
_______________________________________________
Fred-users mailing list
Fred-users(a)lists.nic.cz
https://lists.nic.cz/mailman/listinfo/fred-users
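
The trust relationship discussed in this thread, as an added example that is not part of the original messages or of the FRED packages: a self-signed client certificate is accepted only when the file given to SSLCACertificateFile contains it (or its issuer), otherwise verification fails the way the "unknown ca" alert reports. It assumes the openssl command-line tool is installed; all certificates and file names are constructed throwaway stand-ins for test-cert.pem and for an unrelated CA file.

```shell
#!/bin/sh
# Constructed demo: throwaway certificates stand in for test-cert.pem and
# for an unrelated CA file such as the verisign.crt from the thread.

# make_self_signed KEY CERT CN: create a short-lived self-signed certificate.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$3" -keyout "$1" -out "$2" >/dev/null 2>&1
}

# trusted_by CA_FILE CLIENT_CERT: succeed only if CLIENT_CERT chains to a
# certificate in CA_FILE. This is the check the server applies to the file
# named by SSLCACertificateFile when SSLVerifyClient is "require".
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# describe CA_FILE CLIENT_CERT: print the verdict for one pairing.
describe() {
    if trusted_by "$1" "$2"; then
        echo "accepted"
    else
        echo "rejected (handshake would end with the 'unknown ca' alert)"
    fi
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

# One certificate used as both CA and client certificate, like test-cert.pem.
make_self_signed "$DEMO_DIR/test-key.pem" "$DEMO_DIR/test-cert.pem" "constructed test cert"
# An unrelated CA that never signed the client certificate.
make_self_signed "$DEMO_DIR/other-key.pem" "$DEMO_DIR/other-ca.pem" "constructed other CA"

echo "CA file = test-cert.pem: $(describe "$DEMO_DIR/test-cert.pem" "$DEMO_DIR/test-cert.pem")"
echo "CA file = other-ca.pem:  $(describe "$DEMO_DIR/other-ca.pem" "$DEMO_DIR/test-cert.pem")"
```

Running the same `openssl verify -CAfile` check against the real SSLCACertificateFile and the certificate the client presents shows whether the server will accept it before Apache is restarted.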