Installing Alpha SSL certificates


bparanj

Aug 22, 2014, 12:42:53 PM
to railsmachin...@googlegroups.com
I got the following certificates from AlphaSSL:
GlobalSign Root CA Certificate
AlphaSSL intermediate Certificate

According to the docs for Moonshine:

:ssl:
  :certificate_file: /home/rails/certs/yourdomain.com.crt
  :certificate_key_file: /home/rails/certs/mynewsite.key
  :certificate_chain_file: /home/rails/certs/gd_bundle.crt

My question is what should be the value for certificate_chain_file?  What should I do with the intermediate certificate?

:ssl:
  :certificate_file: /home/rails/certs/My domain SSL Certificate
  :certificate_key_file: /home/rails/certs/mynewsite.key
  :certificate_chain_file: /home/rails/certs/what goes here?
 
TIA. 

Kevin Lawver

Aug 22, 2014, 12:48:24 PM
to railsmachin...@googlegroups.com
The intermediate certificate should be the value of :certificate_chain_file:.


--
You received this message because you are subscribed to the Google Groups "Moonshine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to railsmachine-moon...@googlegroups.com.
To post to this group, send email to railsmachin...@googlegroups.com.
Visit this group at http://groups.google.com/group/railsmachine-moonshine.
For more options, visit https://groups.google.com/d/optout.

bparanj

Aug 23, 2014, 3:00:39 AM
to railsmachin...@googlegroups.com
I now get the following error in the apache error log:

cat error.log
[ 2014-08-23 06:55:27.7633 19438/7ff991e44740 agents/Watchdog/Main.cpp:522 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'rails', 'default_python' => 'python', 'default_ruby' => 'ruby', 'default_user' => 'rails', 'log_level' => '0', 'max_pool_size' => '3', 'passenger_root' => '/usr/lib/ruby/gems/2.1.0/gems/passenger-enterprise-server-4.0.45', 'passenger_version' => '4.0.45', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.45', 'web_server_pid' => '19437', 'web_server_type' => 'apache', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' }
[ 2014-08-23 06:55:27.7750 19441/7f9baa0a3740 agents/HelperAgent/Main.cpp:685 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.19437/generation-0/request
[ 2014-08-23 06:55:27.7849 19446/7f2f7005d740 agents/LoggingAgent/Main.cpp:305 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.19437/generation-0/logging
[ 2014-08-23 06:55:27.7851 19438/7ff991e44740 agents/Watchdog/Main.cpp:712 ]: All Phusion Passenger agents started!
[Sat Aug 23 06:55:27 2014] [error] Init: Pass phrase incorrect
[Sat Aug 23 06:55:27 2014] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sat Aug 23 06:55:27 2014] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Sat Aug 23 06:55:27 2014] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sat Aug 23 06:55:27 2014] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Sat Aug 23 06:55:27 2014] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Sat Aug 23 06:55:27 2014] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sat Aug 23 06:55:27 2014] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[ 2014-08-23 06:55:27.8014 19446/7f2f7005d740 agents/LoggingAgent/Main.cpp:273 ]: Caught signal, exiting...

It's complaining about pass phrase. I used a pass phrase when I created the CSR request. Is it causing the problem?

Kevin Lawver

Aug 23, 2014, 10:46:30 AM
to railsmachin...@googlegroups.com
Probably.  I've never set up a cert with a passphrase before, so I'd bet that's the issue.  A little Googling led me to this:


You should be able to set that SSLPassPhraseDialog setting in the :ssl: => :vhost_extra: option in config/moonshine.yml.

Bryan Traywick

Aug 23, 2014, 12:15:29 PM
to railsmachin...@googlegroups.com
Another option is to remove the password from the private key:

    openssl rsa -in /path/to/originalkeywithpass.key -out /path/to/newkeywithnopass.key

You will then need to update :certificate_key_file to point to the password-less private key file.
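
A pre-flight check for the key file discussed in this thread, as an added example that is not part of any post here: it reports whether the file named in :certificate_key_file is still passphrase-protected (the condition the thread suspects behind "Pass phrase incorrect") and, once the passphrase has been removed, whether the file is readable by group or others. The function names, result strings and sample files are assumptions made for the example; the sample keys are constructed and contain no real key material.

```shell
#!/bin/sh
# Added example: classify the PEM file named by :certificate_key_file
# before Apache is restarted. Result strings are this example's own.

check_key() {
    key=$1
    [ -r "$key" ] || { echo "unreadable"; return 2; }

    # PKCS#8 encrypted keys say so in the PEM label itself.
    if grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$key"; then
        echo "encrypted-pkcs8"; return 1
    fi
    # Traditional OpenSSL keys keep the plain label and add this header.
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "encrypted-legacy"; return 1
    fi
    if ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key"; then
        echo "not-a-key"; return 2
    fi
    # No passphrase: the file mode is now the key's only protection.
    # Characters 5-10 of `ls -ld` are the group and other permission bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "plain-loose-perms"; return 1
    fi
    echo "plain-ok"; return 0
}

# Constructed samples: real PEM framing, dummy body, no key material.
make_samples() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' 'DEK-Info: DES-EDE3-CBC,0000000000000000' \
        '' 'AAAA' '-----END RSA PRIVATE KEY-----' > "$dir/withpass.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$dir/nopass.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' \
        '-----END CERTIFICATE-----' > "$dir/site.crt"
    chmod 644 "$dir/withpass.key" "$dir/nopass.key" "$dir/site.crt"
    echo "$dir"
}

# Usage: sh check_key.sh /home/rails/certs/mynewsite.key
if [ "$#" -gt 0 ]; then check_key "$1"; fi
```

For a `plain-loose-perms` result, `chmod 600` on the key file is the usual fix.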

bparanj

Aug 23, 2014, 9:24:01 PM
to railsmachin...@googlegroups.com