This article describes how to use SELF SIGNED certificates, that is
be your own CA. If you're using your cert signed by a publicly
trusted CA then this is plainly the wrong way to go about it.
You say you've been trying to get a certificate signed, but
you're vague as to whether the cert or the CA is what you've
"made". (It could be both.)
Sorry, thought I was being clear, since the article is for making
your own CA and then signing your own certs with it I thought you'd
understand that this is the process I'm trying to accomplish.
I've seen ppl try to do some rather silly things...
Like trying to use two SSL certs on the same IP:Port, for instance ;)
Anyway, I've created my own CA and then I created a cert with it and
successfully imported it into SA to SSLify one of my websites. I
followed the same procedure with another cert and SA will not let me
import it. I don't know what the problem is since I'm doing the
exact same thing.
Well, there obviously have to be differences, it's a different cert
and needs to be using different IPs or ports or something in order
for SSL to work, so perhaps you might consider describing these
differences and your procedure for implementing this.
For instance, since the SSL operations you're doing are at the socket
level, how have you separated the two "sites" and their certs during
a connect??? How do you differentiate between which you should be
using?
Now it's taking a very long time, like 3-4 minutes to send a mail out.
Have you tried watching this using tcpdump, et al? Where's the hangup?
I definitely should have been more specific here, I apologize. The
hangup is with my client connecting to my host in the first place.
It takes many minutes to make the connection. Once it gets to the
server it goes out immediately.
Again, what does sniffing show? I'll suspect it's not 'taking minutes
to connect' but NOT connecting and timing out and falling back to
something else. But hey, we're not mind readers and that's why
getting actual facts is required.
Okay. Anyway, I think I figured out the problem. In adding and
deleting the cert for my mail server several times while trying to
get my CA signed cert imported, the use cert foo popup in the mail
admin got confused and went to 'Custom configuration'. Once I made
another cert with SA and put it in the pop up it seems to be
connecting quickly again.
That just leaves the question of why SA won't take any more certs
from my CA besides the one.
Ah... Because that's how SSL works?
It occurs in the SESSION, and when you connect you can't identify
which cert you need to use because that info is encrypted.
So I ask again, since you MUST be doing something different between
using the two certs, what is it that you're doing? How are you
differentiating the two for the connection?
--
-dhan
------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.iwiring.net/
email@hidden http://www.ustsvs.com/
iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.
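
The point raised in the reply above, that the server has to pick its certificate from the listening socket alone, can be checked against a site list before importing a second cert. This is an added example, not code from the thread or from Server Admin; the site names, addresses and the `SITES` layout are constructed, and it assumes the server selects a certificate per address and port as the reply describes.

```python
# Added illustration: flag sites that share a listening socket but expect
# different certificates. All names and addresses below are constructed.
SITES = [
    {"name": "www.example.test",  "addr": "192.0.2.10", "port": 443,  "cert": "www.example.test"},
    {"name": "shop.example.test", "addr": "192.0.2.10", "port": 443,  "cert": "shop.example.test"},
    {"name": "mail.example.test", "addr": "192.0.2.11", "port": 443,  "cert": "mail.example.test"},
    {"name": "wiki.example.test", "addr": "*",          "port": 8443, "cert": "wiki.example.test"},
    {"name": "dev.example.test",  "addr": "192.0.2.11", "port": 8443, "cert": "dev.example.test"},
]


def overlaps(a, b):
    """Listeners overlap when the ports match and the addresses are equal
    or either one is the wildcard '*' (bound to every address)."""
    if a["port"] != b["port"]:
        return False
    return a["addr"] == b["addr"] or "*" in (a["addr"], b["addr"])


def find_cert_conflicts(sites):
    """Return sorted (site, site, port) tuples for every pair of sites that
    would be served from the same socket with different certificates."""
    conflicts = []
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            if overlaps(a, b) and a["cert"] != b["cert"]:
                first, second = sorted((a["name"], b["name"]))
                conflicts.append((first, second, a["port"]))
    return sorted(conflicts)


if __name__ == "__main__":
    for first, second, port in find_cert_conflicts(SITES):
        print(f"port {port}: {first} and {second} need separate IPs or ports")
```
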