On 1/12/2011 4:18 AM, Vaidotas Didžbalis wrote:
> Hello
> I tied  SqueakSSL with Seaside as described in [1]. To produce self
> signed certificate I used command:
>
> openssl req -new -x509 -keyout mazas.pem -out mazas.pem -days 365 -nodes
>
> when assigning certificate in Seaside concole got an (error 1). 1
> means generic certificate error. But I can access site, with browser
> complaining about not to be trusted sertificate.
>
> plaform is Ubuntu 10.10. Question is this supposed to be that way?

Yes and no. Yes, in such that there is an "issue" with the cert (it's 
self-signed and OpenSSL complains about that). No in such that we should 
be able to better information about the type of issue at hand.

> By the way on Windows got error -5 with a same certificate and was not
> able to use https.

You've probably imported it incorrectly. You cannot add a .pem file to 
the Windows certificate store. You have to convert it into a .pfx file 
(and make sure that you don't lose the private key in the process as 
happened to me a couple of times before I got it right), then you have 
to install the .pfx file into the "Personal" certificate store. And 
finally, to name it you need to use the organization (i.e., the entity 
the cert was issued to) since Windows does not seem to preserve the file 
name of the imported cert (although I just noted that it looks as if in 
Win7 the "friendly name" is actually the name of the file, so perhaps 
I'll change that).

The best way to do this is make the .pfx, run the install, then go into 
the certificate manager and check that a) the cert has a private key 
attached to it and b) what the "issued to" value is and use that to name 
the cert. This should work.

Cheers,
   - Andreas

>
> [1] http://squeakingalong.wordpress.com/2010/08/07/using-squeakssl-with-seaside/
>
> Thank you,
> Vaidotas
>
>