This article describes how to use SELF SIGNED certificates, that
is, be your own CA. If you're using your cert signed by a
publicly trusted CA then this is plainly the wrong way to go
about it.
You say you've been trying to get a certificate signed, but
you're vague as to whether the cert or the CA is what you've
"made". (It could be both.)
Sorry, thought I was being clear, since the article is for making
your own CA and then signing your own certs with it I thought
you'd understand that this is the process I'm trying to accomplish.
I've seen ppl try to do some rather silly things...
Like trying to use two SSL certs on the same IP:Port, for instance ;)
I'll be the first to admit that I do a lot of silly things; however,
in this case I'm not trying to do that.
Anyway, I've created my own CA and then I created a cert with it
and successfully imported it into SA to SSLify one of my websites.
I followed the same procedure with another cert and SA will not
let me import it. I don't know what the problem is since I'm doing
the exact same thing.
Well, there obviously have to be differences, it's a different cert
and needs to be using different IPs or ports or something in order
for SSL to work, so perhaps you might consider describing these
differences and your procedure for implementing this.
For instance, since the SSL operations you're doing are at the
socket level, how have you separated the two "sites" and their
certs during a connect??? How do you differentiate between which
you should be using?
I'm not getting this far. I'm not having a problem with implementing
the cert. I simply can't import it into SA at all.
1. Click import button.
2. Point to Certificate File.
3. Point to Private Key File.
4. Point to CA File.
5. Click Import button.
Then I get an error message saying "Certificate Import Failed. Make
sure that the values you entered are correct and that the certificate
files on the server are valid."
This is the exact set of steps that I followed with the first one
that imported correctly.
Now it's taking a very long time, like 3-4 minutes to send a
mail out.
Have you tried watching this using tcpdump, et al? Where's the
hangup?
I definitely should have been more specific here, I apologize. The
hangup is with my client connecting to my host in the first place.
It takes many minutes to make the connection. Once it gets to the
server it goes out immediately.
Again, what does sniffing show? I'll suspect it's not 'taking
minutes to connect' but NOT connecting and timing out and falling
back to something else. But hey, we're not mind readers and that's
why getting actual facts is required.
I solved this particular part of the mystery. I'm now just trying to
figure out the problem above.
Okay. Anyway, I think I figured out the problem. In adding and
deleting the cert for my mail server several times while trying to
get my CA signed cert imported, the use cert foo popup in the mail
admin got confused and went to 'Custom configuration'. Once I made
another cert with SA and put it in the pop up it seems to be
connecting quickly again.
That just leaves the question of why won't SA take any more certs
from my CA besides the one.
Ah... Because that's how SSL works?
It occurs in the SESSION, and when you connect you can't identify
which cert you need to use because that info is encrypted.
So I ask again, since you MUST be doing something different between
using the two certs, what is it that you're doing? How are you
differentiating the two for the connection?
Please see above clarification, I'm not having problems using the
certs, I'm having a problem importing them for use.
--
-dhan
Thanks,
David
Macos-x-server mailing list (email@hidden)