I'm really confused with ssl_certfile, ssl_keyfile and cacertfile. I use the below steps to create those files, but it seems I failed to set up https for zotonic:
I'm also confused with the certificates configuration, the lack of a certificate naming convention makes things difficult. What I have is:
- key.pem, my private key.
- request.pem, the certificate request.
- ssl.pem, the signed certificate that contains key.pem.
I suppose ssl_certificate must be "ssl.pem" and ssl_keyfile "key.pem" but what about ssl_cacertfile? Is it the "cacerts certificates file" mentioned here?:
http://docs.oracle.com/javase/1.5.0/docs/tooldocs/solaris/keytool.htm...
Is ssl_cacertfile a mandatory parameter?
Thank you,
Iván Martínez
Thank you Marc, I understand from 0.9 docs that I only need ssl_certfile and ssl_keyfile, since I'm using a self-signed certificate. I'm running Zotonic 0.8.1 and following the instructions for 0.6 published here:
http://zotonic.com/https-support
It doesn't seem to work but I don't get any error either, it's like nothing changed. I even tried setting wrong paths to the certificate files as follows:
Still no error message, my Zotonic seems to ignore these settings. I looked in the modules list of the admin console but couldn't find anything related to SSL. Am I forgetting to install or enable anything?
Thank you,
Ivan
On Saturday, 20 October 2012 22:08:16 UTC+2, Marc Worrell wrote:
> Hi,
> Maybe the 0.9 ssl docs can take away a bit of your confusion.
I've not followed the discussion from the beginning, but the z_config:get_dirty/1 reads the priv/config file (hint: there's no site or context passed in to be able to deduce which other config file to read).
> Looks like it's not reading any SSL parameter from the config file. This
> should be "/priv/sites/mysite/config" file, right?
> Thank you,
> Ivan
> On Wednesday, 24 October 2012 21:38:01 UTC+2, Marc Worrell wrote:
>> In 0.8 the SSL is handled by starting a separate listener from the main
>> supervisor.
>> Check src/zotonic_sup.erl
>> It just hands all settings you pass to MochiWeb for initializing a SSL
>> listener.
>> Very strange that you seem to have problems, as MaxClass.com is running
>> on 0.8 and uses the same code.
>> Maybe you can check what happens in the listeners?
>> We might need to add some extra checks, which is also very useful for the
>> 0.9
>> - Marc
Thank you Andreas, I have added the certificate configuration to priv/config and now it works. I don't know why I didn't see the example in config.in, probably because I didn't expect to find it there. There is something I don't understand: if the certificate is domain-specific, how come it is configured in the general priv/config file instead of /priv/sites/mysite/config for the website whose domain I want to secure? If I need to add two certificates for two domains in the same Zotonic server, how is it done?
Thank you,
Ivan Martinez
On Monday, 29 October 2012 09:16:42 UTC+1, Andreas Stenius wrote:
> I've not followed the discussion from beginning, but the z_config:get_dirty/1 reads the priv/config file (hint: there's no site or context passed in to be able to deduce which other config file to read).
> Hope this helps.
> //Andreas
> 2012/10/28 Ivan Martinez <super...@gmail.com>
>> Hello Marc,
>> I'm not sure how to check what happens with the listeners. I run Zotonic and did the following in the console:
>> Looks like it's not reading any SSL parameter from the config file. This should be "/priv/sites/mysite/config" file, right?
>> Thank you,
>> Ivan
> Thank you Andreas, I have added the certificate configuration to priv/config and now it works. I don't know why I didn't see the example in config.in, probably because I didn't expect to find it there. There is something I don't understand: if the certificate is domain-specific, how come it is configured in the general priv/config file instead of /priv/sites/mysite/config for the website whose domain I want to secure? If I need to add two certificates for two domains in the same Zotonic server, how is it done?
That is not possible. Virtual hosting with SSL is impossible: each IP+port combination needs its own SSL certificate; certificates.
In Zotonic 0.9, we have refactored SSL support so that SSL sites can run on different ports, each vhost a different SSL port.
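A pre-flight check for the files behind ssl_certfile, ssl_keyfile and ssl_cacertfile, added here as an example (it is not code from this thread or from Zotonic). It reports the wrong-path and mismatched-key cases before the server is started; the function names and exit codes are made up for the example, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-flight check for the files named by ssl_certfile,
# ssl_keyfile and (optionally) ssl_cacertfile. Exit codes are this example's
# own: 0 ok, 1 missing/unreadable file, 2 unparseable file,
# 3 key does not match certificate, 4 certificate fails CA verification.
check_tls_pair() {
    cert=$1; key=$2; cacert=${3:-}
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    # Public key embedded in the certificate vs. the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "not an X.509 certificate: $cert" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "not a private key: $key" >&2; return 2; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate was not issued for this key" >&2; return 3; }
    # Subject equal to issuer is treated here as self-signed: no CA chain.
    if [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
         "$(openssl x509 -in "$cert" -noout -issuer_hash)" ]; then
        echo "ok: self-signed certificate matches key"
    elif [ -n "$cacert" ]; then
        openssl verify -CAfile "$cacert" "$cert" >/dev/null 2>&1 ||
            { echo "certificate does not verify against $cacert" >&2; return 4; }
        echo "ok: CA-issued certificate matches key and verifies"
    else
        echo "ok: certificate matches key; CA-issued, chain not checked"
    fi
}

# Constructed sample input: a throwaway set with the thread's three file names.
make_selfsigned() {
    dir=$1
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$dir/key.pem" -subj "/CN=example.test" \
        -out "$dir/request.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/request.pem" -signkey "$dir/key.pem" \
        -days 1 -out "$dir/ssl.pem" 2>/dev/null
}

# Demo: a good pair, then a wrong key path like the one tried in the thread.
demo=$(mktemp -d) && make_selfsigned "$demo"
check_tls_pair "$demo/ssl.pem" "$demo/key.pem"
check_tls_pair "$demo/ssl.pem" "$demo/wrong/key.pem" || echo "rejected, exit $?"
rm -rf "$demo"
```

Passing request.pem where the certificate is expected is rejected with exit code 2, since a certificate request is not a certificate.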