From: Marc Worrell
Subject: Re: [Zotonic-Usr] Re: How to setup SSL for zotonic?
Date: Wed, 24 Oct 2012 21:37:53 +0200
To: zotonic-users@googlegroups.com

In 0.8 the SSL is handled by starting a separate listener from the main supervisor.
Check src/zotonic_sup.erl

It just hands all settings you pass to MochiWeb for initializing an SSL listener.

Very strange that you seem to have problems, as MaxClass.com is running on 0.8 and uses the same code.

Maybe you can check what happens in the listeners?
We might need to add some extra checks, which is also very useful for the 0.9

- Marc

On 24 Oct 2012, at 21:28, Ivan Martinez wrote:

> Thank you Marc, I understand from 0.9 docs that I only need ssl_certfile and ssl_keyfile, since I'm using a self-signed certificate. I'm running Zotonic 0.8.1 and following the instructions for 0.6 published here:
> http://zotonic.com/https-support
> It doesn't seem to work but I don't get any error either, it's like nothing changed. I even tried setting wrong paths to the certificate files as follows:
>
> {listen_port_ssl, 8443},
> {ssl, true},
> {ssl_certfile, "/wrong_path/website.local.pem"},
> {ssl_keyfile, "/wrong_path/website.local.key"}
>
> Still no error message, my Zotonic seems to ignore these settings. I looked in the modules list of the admin console but couldn't find anything related to SSL. Am I forgetting to install or enable anything?
>
> Thank you,
> Ivan
>
>
> On Saturday, 20 October 2012 22:08:16 UTC+2, Marc Worrell wrote:
> Hi,
>
> Maybe the 0.9 ssl docs can take away a bit of your confusion.
>
> http://zotonic.com/docs/ref/modules/mod_ssl.html
>
> - Marc
>
> On 20 Oct 2012, at 21:29, Ivan Martinez wrote:
>
>> I'm also confused with the certificates configuration, the lack of a certificate naming convention makes things difficult. What I have is:
>> - key.pem, my private key.
>> - request.pem, the certificate request.
>> - ssl.pem, the signed certificate that contains key.pem.
>> I suppose ssl_certificate must be "ssl.pem" and ssl_keyfile "key.pem" but what about ssl_cacertfile? Is it the "cacerts certificates file" mentioned here?:
>> http://docs.oracle.com/javase/1.5.0/docs/tooldocs/solaris/keytool.html#importCmd
>> Is ssl_cacertfile a mandatory parameter?
>> Thank you,
>> Iván Martínez
>>
>> On Thursday, 14 July 2011 03:29:44 UTC+2, kerry liu wrote:
>> Hi,
>>
>> I'm really confused with ssl_certfile, ssl_keyfile and cacertfile. I use the steps below to create those files, but it seems I failed to set up https for zotonic:
>>
>> openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout ssl_keyfile.pem -out ssl_cacertfile.pem
>> openssl req -out server.csr -key ssl_keyfile.pem -new
>>
>> Question is how to create ssl_certfile?
>>
>> Many thx for your help.
>>
>> Best regards
>> Kerry
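Added example, not part of the original thread and not Zotonic code: the thread asks how to obtain ssl_certfile for a self-signed setup and reports that wrong paths produced no error, so this sketch generates a key/certificate pair with openssl and pre-flights the two files before they are put in the configuration. The function names, the scratch directory and the CN `website.local` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: create a self-signed pair and check it before pointing
# ssl_certfile / ssl_keyfile at the files. All names here are constructed.

# make_selfsigned KEY CERT CN
# One "req -x509" run writes both files: -keyout is the private key,
# -out is the self-signed certificate itself.
make_selfsigned() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=$3" -keyout "$1" -out "$2" 2>/dev/null &&
    chmod 600 "$1"    # private key readable by its owner only
}

# Public key as PEM, taken from a certificate and from a private key.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# check_pair CERT KEY
# Prints "ok" or the first problem found; non-zero status on any problem,
# so a wrong path or a mismatched key is reported before the server starts.
check_pair() {
    [ -r "$1" ] || { echo "cert file not readable: $1"; return 1; }
    [ -r "$2" ] || { echo "key file not readable: $2"; return 1; }
    c=$(pubkey_of_cert "$1") || { echo "not a PEM certificate: $1"; return 1; }
    k=$(pubkey_of_key "$2")  || { echo "not a PEM private key: $2"; return 1; }
    [ -n "$c" ] && [ "$c" = "$k" ] || {
        echo "key does not match certificate"; return 1; }
    echo "ok"
}

# Demo in a scratch directory (constructed file names).
tmp=$(mktemp -d)
make_selfsigned "$tmp/website.local.key" "$tmp/website.local.pem" website.local
check_pair "$tmp/website.local.pem" "$tmp/website.local.key"
# The wrong paths quoted in the thread are caught here instead of silently.
check_pair /wrong_path/website.local.pem /wrong_path/website.local.key || true
rm -rf "$tmp"
```

With the listener configured on port 8443 as in the quoted settings, `openssl s_client -connect localhost:8443` (host assumed) shows whether that port actually answers with TLS and which certificate it presents.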