Forum OpenACS Q&A: Re: SSL Support for OpenACS - install failed

Collapse
Posted by Sven Schmitt on
Steve,

thanks a lot for your help. It brought us many steps further.

One question remaining though...
I got a certfile.pem and a keyfile.pem located in ${serverroot}/etc/certs/, but I think there should be a ca.pem, too. What is it? Do I have to generate it? And if yes, do you happen to know how I can do it?

Our error log looks like this now:

Notice: modload: loading '/usr/local/aolserver40r10/bin/nsopenssl.so'
Notice: nsopenssl: generating 512-bit temporary RSA key ...
Notice: nsopenssl: generating 1024-bit temporary RSA key ...
Notice: nsopenssl (oacs-5-1): loading SSL context 'users'
Notice: nsopenssl (oacs-5-1): 'users' ciphers loaded successfully
Notice: nsopenssl (oacs-5-1): 'users' using SSLv2 protocol
Notice: nsopenssl (oacs-5-1): 'users' using SSLv3 protocol
Notice: nsopenssl (oacs-5-1): 'users' using TLSv1 protocol
Notice: nsopenssl (oacs-5-1): 'users' certificate and key loaded successfully
Notice: nsopenssl (oacs-5-1): 'users' failed to load CA certificate file '/www/openacs/oacs-5-1/etc/certs/ca.pem'
Error: nsopenssl (oacs-5-1): 'users' CA certificate file is not readable or does not exist
Notice: users (nsopenssl): session cache is turned on for sslcontext 'oacs-5-1'
Notice: nsopenssl (oacs-5-1): default SSL context for server is users
Notice: nsopenssl (oacs-5-1): loading 'users' SSL driver
Notice: nsopenssl: listening on 134.155.48.128:10001

As always,
Sven