Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    (solved) SSL cert chaining w/ multiple CA files (bundled not working)?

    Captive Portal
    1
    2
    2738
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jpod last edited by

      Our Thawte SSL123 cert expired and so we renewed but now they require a chained CA file (boo) and I cannot get it to work.

      I have done the following (this is on 1.2.3, hdd install):

      • downloaded pem bundled CA file from thawte article AR1372 1
      • copied above file to pfSense box and made corresponding ssl.ca-file entry in lighty-CaptivePortal-SSL.conf file per the article 2 on this forum
      • restarted lighttpd

      with no luck, clients still get certificate not trusted errors.

      On the same Thawte article there is a link to non-bundled CA files so I'm thinking maybe lighttpd doesn't support bundled CA files but I cannot find out how to include two CA files in the lighty-CaptivePortal-SSL.conf file.

      Any help would be greatly appreciated (on either what I did wrong w/ the bundled version of the CA file or on how to add a second CA file to the config - I don't want to risk messing up the box so I didn't just try adding another line for the second file).

      Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • J
        jpod last edited by

        Man, almost a whole day of messing with this and it turns out that the CA/chain file I downloaded was in DOS format (CRLF rather than just CR).  I ran it through "dos2unix" and re-copied it and all is well.  cat -v is your friend!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post