
SSL,MvCALL, and Certs


    SSL,MvCALL, and Certs



    Greetings,
    I have a few questions so I'll try to keep it as short as I can.

    1: Some time back when MvCALL first started supporting ssl, I was
    having trouble getting it to work. I found this post here and tried it
    and it solved the problem. Granted I was only trying to MvCALL a page on
    my own secure domain from the same unsecure domain.


    > -----Original Message-----
    > From: [email protected] [mailto:[email protected]]On
    > Behalf Of Hubbard, David
    > Sent: Saturday, December 07, 2002 6:15 PM
    > To: 'Craig'; [email protected]
    > Subject: RE: [meu] Mvcall https
    >
    >
    > Assuming you have openssl on the system, and
    > you have your certificate, NOT your key, in a
    > file named certificatefile.crt, here is how you
    > get that name:
    >
    > openssl x509 -noout -hash < certificatefile.crt
    >
    >
    > David
    > Hostasaurus.Com

    At the time, I had access to my ssl command line at my IHP. I ran the
    command and it worked. I was able to MvCALL my own secure server. Since
    then, I've changed ISPs and have a different cert and now I do not have
    access to the openssl command line. In the release notes for version
    4.13, there's some new x509 functions. However, I simply do not
    understand the documentation/technology fully enough to know what they
    actually do. Does anyone know if the x509_create function will
    accomplish this? Or at least explain what some of the various
    parameters? Maybe the new CERTFILE attribute of MvCALL should be used
    instead, since I don't think it was available at the time of the above
    post?


    2: While researching the above I found this post.

    "....He was asking if a cert is necessary for making client to
    server HTTPS connections. The answer to that is yes in
    the case of Empresa. Empresa will not make remote HTTPS
    connections to sites running certificates it cannot verify
    as valid. That's why it has 129 public CA certificate files
    in the certs directory of the distribution, so it can
    verify the authenticity of the certificate authority who
    issued the certificate in use on the site......"

    Ok, what I get from this is that there are a bunch of public cert files
    in the certs directory. These are used to verify the cert that's being
    used on a site that is being MvCALLED. I'm assuming there are so many
    because the idea is to be able to verify the most widely used CAs. My
    new cert is from GeoTrust. Since I need to run the openssl command
    (above) on my cert file to get miva to verify my cert in order to MvCALL
    _my_ secure server from my standard server (same machine), does that
    mean if I try to MvCALL another site with GeoTrust cert that it will
    fail without _their_ public GeoTrust cert installed on my server, or
    would having mine installed be enough? If I didn't have a GeoTrust cert,
    then how would I get a public one for use with Empresa for the sole
    purpose of being able to MvCALL sites using them? This is the part that
    is really confusing me...... Another thing is that GeoTrust is a fairly
    well known CA, so why isn't it included in the cert directory by
    default, or am I totally missing the point?

    Thanks in advance,
    Bill M.
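
Added example (not part of the original posts): what the hash printed by `openssl x509 -noout -hash` is used for in a standard OpenSSL hashed CA directory, where a trusted certificate is looked up under the file name `<hash>.0`. That Empresa's certs directory follows this convention is an assumption; the CA, host names and file names below are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA and two leaf certificates, generated locally.
# Assumption: the certs directory behaves like an OpenSSL -CApath directory.
ca_dir_demo() {
    work=$(mktemp -d) || return 1
    status=0
    (
        cd "$work" || exit 1

        # 1. Throwaway CA, standing in for a public CA.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed Demo CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1

        # 2. Two server certificates issued by that CA: "mine" and "theirs".
        for name in mine theirs; do
            openssl req -newkey rsa:2048 -nodes -subj "/CN=$name.example" \
                -keyout "$name.key" -out "$name.csr" 2>/dev/null || exit 1
            openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
                -CAcreateserial -days 1 -out "$name.crt" 2>/dev/null || exit 1
        done

        # 3. Install only the CA certificate, named after its subject hash.
        mkdir certs empty
        hash=$(openssl x509 -noout -hash < ca.crt) || exit 1
        cp ca.crt "certs/$hash.0"

        # 4. Both leaves verify against the one installed CA file.
        openssl verify -CApath certs mine.crt   >/dev/null 2>&1 || exit 1
        openssl verify -CApath certs theirs.crt >/dev/null 2>&1 || exit 1

        # 5. Without the hashed CA file the same leaf is rejected.
        if openssl verify -CApath empty mine.crt >/dev/null 2>&1; then
            exit 1
        fi

        echo "$hash"
    ) || status=$?
    rm -rf "$work"
    return $status
}
```

Calling `ca_dir_demo` prints the 8-hex-digit hash on success and returns non-zero if any step fails. In this demo the file installed in the directory is the issuing CA's certificate, and it covers every certificate that CA issued.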



    #2
    SSL,MvCALL, and Certs




    Hi Bill,

    You need to have OpenSSL on your server for it to work. You can check if
    OpenSSL is configured on your server using the s.miva_sslavailable
    system variable (or run the attached file).

    You can find out how to install SSL on Unix/Linux from www.openssl.org
    or if you're running Windows,
    http://www.slproweb.com/products/Win32OpenSSL.html

    HTH,

    Ben


    > -----Original Message-----
    > From: [email protected] [mailto:[email protected]] On
    > Behalf Of Bill Matlock
    > Sent: Friday, January 21, 2005 5:06 PM
    > To: Miva Users List
    > Subject: [meu] SSL,MvCALL, and Certs


      #3
      SSL,MvCALL, and Certs



      Ben,
      Thanks. OpenSSL is properly installed and working. My question was
      primarily about how Empresa works with the certs in regards to MvCALL.

      Bill M.

      -----Original Message-----
      From: Ben Walsh [mailto:[email protected]]
      Sent: Friday, January 21, 2005 7:57 PM
      To: [email protected]; 'Miva Users List'
      Subject: RE: [meu] SSL,MvCALL, and Certs

