On 07/10/2013 20:26, Yehuda Katz wrote:
OpenSSL supports each of the options you need (one at a time). http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/ Just add the server to the hosts file. - Y
......thanks for the above, certainly bits of my setup are OK, but now the dns has gone live and various checkers are saying that the chain is broken.
I used the instructions for GlobalSign Extended, but I'm not sure how to make use of three certs from them; ie I don't know what to do with the cross certificate. See
https://support.globalsign.com/customer/portal/articles/1223443-intermediate-certificate---extendedssl where it says"As an ExtendedSSL customer you must install your end entity ExtendedSSL Certificate (received by email) and both the ExtendedSSL CA - G2 Intermediate Certificate and the GlobalSign Cross Certificate to your web server."
So I have my cert the GS root cert and the intermediate cert pointed at by the apache conf like this
SSLCertificateFile /xxxx/etc/certs/myhost.com.crt SSLCertificateKeyFile /xxxx/etc/certs/myhost.key SSLCACertificateFile /xxxx/etc/certs/globalsign-root-ca-rc2.crt SSLCertificateChainFile /xxxx/etc/certs/globalsign-intermediate-extended.crt
but where / how do I inject the 'cross' certificate? -- Robin Becker --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|