Web Server certificate question
Terence J. young, DC
terry.young at journeymhc.org
Tue Mar 24 13:33:16 EDT 2015
Hi Jim,
If the issuer is an intermediary issuing agent of a root level CA, then
you also need to include a value for the SSLCACertificateFile directive.
If you had wanted to use name-based virtual hosts on the apache server,
you could have purchased a wildcard certificate that would have a CN =
*.jimsdomain.com
You could then have multiple dns entries pointing to the same server and
then serve up the same certificate, or separate certificates for each
virtual host.
terry
PS, you can view the contents of your cert with the following..
openssl x509 -in /pathtocert/nameofcert -text
On 3/24/15, 10:40 AM, Jim Pistrang wrote:
> Hi Lou, Bruno, Andrew, others,
>
> I already have a trusted SSL certificate for jimsdomain.com installed on the server. If I associate jimsdomain.com with the FIREWALL address will it all work? In other words...
>
> 1) www.jimsdomain.com is mapped to the firewall IP address (12.345.67.89 in my example below)
> 2) the url for the app is <https://www.jimsdomain.com:5922/rfMyApp.htm>
> 3) port 5922 is routed to the server
> 3) the SSL certificate for www.jimsdomain.com is installed on the server
>
> Will this work?
>
> Thanks,
>
> Jim
>
> Lou said:
>
>> This is generally a constraint effected/controlled by the Certificate
>> Authority. Generally speaking, the FQDN must match precisely the CN
>> (Common Name) of the issued (sub-) certificate. You'd likely want to
>> issue a server cert of the format myserver.JimsDomain.com. It's a common
>> that a directly IP-addressed server would get choked on.
>>
>> This is all controlled by the 'rules' your issuing CA builds into its
>> signing process - as well as any you determine, if you're issuing your
>> own certs - as we do.
> Bruno said:
>> Server certificates are bound to a single dns name. Thus, ip addresses,
>> localhost or any nickname you might use to call
>> your server will get you the same warning.
> Andrew said:
>> You need to generate a Certificate Signing Request (CSR) from the mac you
>> are going to install on.
>>
>> It will then spit out a file and you need to submit the contents to your
>> SSL provider, which will then send you a file back that you install on the
>> server.
>>
>>
>> It seems like you did not generate the CSR on the machine, and or you do
>> not have a dedicated IP address for a SSL certificate.
>
>> ----- Original Message -----
>>
>> From: "Jim Pistrang" <jim at jpcr.com>
>> To: "Omnis List Mail" <omnisdev-en at lists.omnis-dev.com>
>> Sent: Tuesday, March 24, 2015 10:50:52 AM
>> Subject: Web Server certificate question
>>
>> Hi all,
>>
>> This isn't exactly an Omnis question, but it is related. Hope someone
>> can help.
>>
>> I have an Omnis Javascript application running on a client site. The app
>> is running on a Mac OS X Server inside their firewall. The app can be
>> run from outside their firewall via a secure port in their firewall.
>> When I do this, the url looks like this:
>> <https://12.345.67.89:5922/rfMyApp.htm>
>> In the above example, 12.345.67.89 is the IP address of the firewall,
>> and port 5922 is a secure port opened to the server. Apache is listening
>> on this port.
>>
>> This all works perfectly well, except that users get a warning saying
>> that the site may not be secure. My client has asked that I purchase a
>> trusted certificate for the site. I have done the following:
>>
>> 1) Gave the server a host name of jimsdomain.com
>> 2) Registered jimsdomain.com and purchased a trusted certificate. [note:
>> the domain name is not associated with an IP address]
>> 3) Added the certificate in Server Manager on the server, and it shows
>> up as valid
>>
>> BUT - I still get warning messages in my browser when I access the app,
>> since the url that I type in <https://12.345.67.89:5922/rfMyApp.htm>
>> does not match the certificate name 'jimsdomain.com'
>>
>> Is there a way to do this? Do I need to install a certificate on the
>> firewall?
>>
>> Jim
>>
>> --
>> Jim Pistrang
>> JP Computer Resources
>> 413-256-4569
>> <http://www.jpcr.com>
>>
>>
>> _____________________________________________________________
>> Manage your list subscriptions at http://lists.omnis-dev.com
>>
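Added example, not part of the original thread: the name check a TLS client applies to the host in the URL, following the common RFC 6125 matching rules, run against the URLs discussed above. The function names and the address 203.0.113.10 (a documentation address standing in for the firewall IP) are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def is_ip(host):
    """True if host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Compare one certificate DNS name with the requested host.
    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so *.jimsdomain.com covers www.jimsdomain.com but
    not jimsdomain.com itself and not a.b.jimsdomain.com."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def url_matches_cert(url, dns_names, ip_sans=()):
    """dns_names: DNS names in the certificate (subjectAltName entries, or
    the CN on older certificates). ip_sans: IP address entries, if any.
    Only the host part of the URL is checked; the port plays no role."""
    host = urlsplit(url).hostname
    if is_ip(host):
        # An IP in the URL is never compared with DNS names, only IP entries.
        wanted = ipaddress.ip_address(host)
        return any(wanted == ipaddress.ip_address(i) for i in ip_sans)
    return any(dns_name_matches(n, host) for n in dns_names)

if __name__ == "__main__":
    # Constructed inputs modelled on the thread.
    cases = [
        ("https://203.0.113.10:5922/rfMyApp.htm", ["jimsdomain.com"]),
        ("https://jimsdomain.com:5922/rfMyApp.htm", ["jimsdomain.com"]),
        ("https://www.jimsdomain.com:5922/rfMyApp.htm", ["jimsdomain.com"]),
        ("https://www.jimsdomain.com:5922/rfMyApp.htm", ["*.jimsdomain.com"]),
        ("https://jimsdomain.com:5922/rfMyApp.htm", ["*.jimsdomain.com"]),
    ]
    for url, names in cases:
        print(url, names, "->", "match" if url_matches_cert(url, names) else "WARNING")
```

The names a given certificate actually carries can be read from the Subject and Subject Alternative Name fields in the `openssl x509 -text` output mentioned above.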