[squeak-dev] Re: Using SqueakSSL with SeasideVaidotas Didžbalis vaidasd at gmail.comMon Jan 24 19:43:45 UTC 2011
Used this command to generate pfx file: C:\OpenSSL-Win32\bin\openssl pkcs12 -export -out .\certificate.pfx -in .\mazas.pem -certfile .\mazas.pem and everything goes ok, with a difference that one gets SSL error with code 2 (on Ubuntu code is 1) on Windows using self signed certificate, thank you, Vaidotas On Wed, Jan 12, 2011 at 7:59 PM, Andreas Raab <andreas.raab at gmx.de> wrote: > On 1/12/2011 4:18 AM, Vaidotas Didžbalis wrote: >> >> Hello >> I tied SqueakSSL with Seaside as described in [1]. To produce self >> signed certificate I used command: >> >> openssl req -new -x509 -keyout mazas.pem -out mazas.pem -days 365 -nodes >> >> when assigning certificate in Seaside concole got an (error 1). 1 >> means generic certificate error. But I can access site, with browser >> complaining about not to be trusted sertificate. >> >> plaform is Ubuntu 10.10. Question is this supposed to be that way? > > Yes and no. Yes, in such that there is an "issue" with the cert (it's > self-signed and OpenSSL complains about that). No in such that we should be > able to better information about the type of issue at hand. > >> By the way on Windows got error -5 with a same certificate and was not >> able to use https. > > You've probably imported it incorrectly. You cannot add a .pem file to the > Windows certificate store. You have to convert it into a .pfx file (and make > sure that you don't lose the private key in the process as happened to me a > couple of times before I got it right), then you have to install the .pfx > file into the "Personal" certificate store. And finally, to name it you need > to use the organization (i.e., the entity the cert was issued to) since > Windows does not seem to preserve the file name of the imported cert > (although I just noted that it looks as if in Win7 the "friendly name" is > actually the name of the file, so perhaps I'll change that). > > The best way to do this is make the .pfx, run the install, then go into the > certificate manager and check that a) the cert has a private key attached to > it and b) what the "issued to" value is and use that to name the cert. This > should work. > > Cheers, > - Andreas > >> >> [1] >> http://squeakingalong.wordpress.com/2010/08/07/using-squeakssl-with-seaside/ >> >> Thank you, >> Vaidotas >> >> > > >
More information about the Squeak-dev mailing list |