Forum OpenACS Q&A: Re: SSL Support for OpenACS - install failed

Posted by Steve Manning on
> I got a certfile.pem and a keyfile.pem located in ${serverroot}/etc/certs/, but I think there should be a ca.pem, too. What is it?

It's the certificate for the certificate authority, e.g. Verisign - the body who says that your certificate is genuine.

> Do I have to generate it? And if yes, do you happen to know how I can do it?

You should find the https connection is working but that your browser complains about the certificate because it can't validate it. This is not a problem for testing and staging, although you can generate your own ca.pem if you want. Look at or google for ca.pem.

On a live server you'll need to buy a certificate from a CA - we use SureSSL who are dirt cheap and it works very well (look at to see it in action - AOLS 4, OpenACS 5.x and nsopenssl 3). If you do go down this route you'll need to follow the instructions from the CA as you'll need to generate a request file which you forward to them. They use this to generate the certificates which you install on your server.

- Steve
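
The steps described in the post above, as an added example that is not part of the original post: a throwaway test CA (ca.pem), a server key plus request file (CSR), and a certificate signed by that CA, using the standard `openssl` command line. The file names ca.pem, certfile.pem and keyfile.pem follow the thread; the subject names, request.csr, ca-key.pem, san.ext and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example. ca.pem, certfile.pem and keyfile.pem follow the thread;
# subject names and all other file names are constructed for illustration.

make_test_certs() {            # usage: make_test_certs DIR HOSTNAME
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077              # keys below are written unencrypted (-nodes)

        # 1. Throwaway test CA: private key plus self-signed certificate (ca.pem).
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
            -subj "/O=Test Only/CN=Test CA" \
            -keyout ca-key.pem -out ca.pem 2>/dev/null || exit 1

        # 2. Server key and the request file (CSR). On a live server this CSR
        #    is what goes to the commercial CA; keyfile.pem stays on the host.
        openssl req -new -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=$host" \
            -keyout keyfile.pem -out request.csr 2>/dev/null || exit 1

        # 3. Sign the request with the test CA to get certfile.pem.
        printf 'subjectAltName=DNS:%s\n' "$host" > san.ext
        openssl x509 -req -in request.csr -CA ca.pem -CAkey ca-key.pem \
            -CAcreateserial -sha256 -days 30 -extfile san.ext \
            -out certfile.pem 2>/dev/null || exit 1
    )
}

# Succeeds only if certfile.pem validates against ca.pem.
check_chain() {
    openssl verify -CAfile "$1/ca.pem" "$1/certfile.pem" >/dev/null 2>&1
}

# Succeeds only if keyfile.pem is the private key belonging to certfile.pem.
key_matches_cert() {
    a=$(openssl x509 -in "$1/certfile.pem" -noout -pubkey 2>/dev/null)
    b=$(openssl pkey -in "$1/keyfile.pem" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

Whoever holds ca-key.pem can sign a certificate for any host name, so trust this ca.pem only on test and staging machines.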