4. (solved) SSL cert chaining w/ multiple CA files (bundled not working)?

(solved) SSL cert chaining w/ multiple CA files (bundled not working)?

  • J

    Our Thawte SSL123 cert expired and so we renewed but now they require a chained CA file (boo) and I cannot get it to work.

    I have done the following (this is on 1.2.3, hdd install):

    • downloaded pem bundled CA file from thawte article AR1372 1
    • copied above file to pfSense box and made corresponding ssl.ca-file entry in lighty-CaptivePortal-SSL.conf file per the article 2 on this forum
    • restarted lighttpd

    with no luck, clients still get certificate not trusted errors.

    On the same Thawte article there is a link to non-bundled CA files so I'm thinking maybe lighttpd doesn't support bundled CA files but I cannot find out how to include two CA files in the lighty-CaptivePortal-SSL.conf file.

    Any help would be greatly appreciated (on either what I did wrong w/ the bundled version of the CA file or on how to add a second CA file to the config - I don't want to risk messing up the box so I didn't just try adding another line for the second file).

    Thanks in advance.

    0
  • J

    Man, almost a whole day of messing with this and it turns out that the CA/chain file I downloaded was in DOS format (CRLF rather than just CR).  I ran it through "dos2unix" and re-copied it and all is well.  cat -v is your friend!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy