On Feb 12, 2009, at 15:29 , Claus Larsen wrote:
I am having some problems with a SSL proxy like the one described on
https://calomel.org/relayd.html
No problems getting it up and running, but the browser cannot verify
the
signed certificates.
Internet Explorer says:
The security certificate presented by this website was not issued by a
trusted certificate authority.
Safari says:
www.xxxxx.com
Issued by: Comodo Class 3 Security Services CA
Expires: .....
This certificate was signed by an unknown authority
My certificates works fine when running on apache.
Research tells me that I need a chain/intermediate certificate to
get things
working.
But I have not been able to find any info about this with relayd.
I have recieved the following files with my certifcate:
AddTrustExternalCARoot.crt
UTNAddTrustServerCA.crt
cat yourcert.crt > combinedcert.crt
cat UTNAddTrustServerCA.crt >> combinedcert.crt
cat AddTrustExternalCARoot.crt >> combinedcert.crt
not sure about the order though.. But I'm quite sure your own cert
goes first, and then the others should go with the "master" last. I
think. :)
Make sure there are a newline at the end of each file first, or at
least that the resulting file have a newline between each cert (not a
blank line, but just so they dont get mixed up on the same lines)
When all are added, use combinedcert.crt in /etc/ssl for your IP.
Good luck :)
