[squeak-dev] Re: Using SqueakSSL with Seaside
Andreas Raab
andreas.raab at gmx.de
Wed Jan 12 17:59:04 UTC 2011
On 1/12/2011 4:18 AM, Vaidotas Didžbalis wrote:
> Hello
> I tied SqueakSSL with Seaside as described in [1]. To produce self
> signed certificate I used command:
>
> openssl req -new -x509 -keyout mazas.pem -out mazas.pem -days 365 -nodes
>
> when assigning certificate in Seaside concole got an (error 1). 1
> means generic certificate error. But I can access site, with browser
> complaining about not to be trusted sertificate.
>
> plaform is Ubuntu 10.10. Question is this supposed to be that way?
Yes and no. Yes, in such that there is an "issue" with the cert (it's
self-signed and OpenSSL complains about that). No in such that we should
be able to better information about the type of issue at hand.
> By the way on Windows got error -5 with a same certificate and was not
> able to use https.
You've probably imported it incorrectly. You cannot add a .pem file to
the Windows certificate store. You have to convert it into a .pfx file
(and make sure that you don't lose the private key in the process as
happened to me a couple of times before I got it right), then you have
to install the .pfx file into the "Personal" certificate store. And
finally, to name it you need to use the organization (i.e., the entity
the cert was issued to) since Windows does not seem to preserve the file
name of the imported cert (although I just noted that it looks as if in
Win7 the "friendly name" is actually the name of the file, so perhaps
I'll change that).
The best way to do this is make the .pfx, run the install, then go into
the certificate manager and check that a) the cert has a private key
attached to it and b) what the "issued to" value is and use that to name
the cert. This should work.
Cheers,
- Andreas
>
> [1] http://squeakingalong.wordpress.com/2010/08/07/using-squeakssl-with-seaside/
>
> Thank you,
> Vaidotas
>
>
More information about the Squeak-dev
mailing list
|