Changes between Version 1 and Version 2 of SecurityInfo

Timestamp:

11/08/10 22:19:03 (6 years ago)

Author:

chris

Comment:

--

SecurityInfo

@@ -92 +92 @@
 }}}
 
+Note the error at the end, '''"Verify return code: 21 (unable to verify the first certificate)"'''.
+
 Copy from the "-----BEGIN CERTIFICATE-----" to the "-----END CERTIFICATE-----" , and save it in your ~/.cert/www.transitionnetwork.org/ directory as www.transitionnetwork.org.pem.
 
-This certificate was issued by Gandi, so you need to get "Certification Authority Root Certificate":
-
+This certificate was issued by Gandi, so you need to get the various certificates [http://wiki.gandi.net/en/ssl/intermediate?rev=1236084787 from gandi.net] and chenge them into pem format:
+ 
 {{{
-$ wget http://crt.gandi.net/GandiStandardSSLCA.crt -O ~/.cert/www.transitionnetwork.org/gandi.pem
+wget http://crt.gandi.net/GandiStandardSSLCA.crt
+wget http://crt.usertrust.com/UTNAddTrustServer_CA.crt
+wget http://crt.usertrust.com/AddTrustExternalCARoot.crt
+openssl x509 -inform DER -in GandiStandardSSLCA.crt -out GandiStandardSSLCA.pem
+openssl x509 -inform DER -in AddTrustExternalCARoot.crt -out AddTrustExternalCARoot.pem
+openssl x509 -inform DER -in UTNAddTrustServer_CA.crt -out UTNAddTrustServer_CA.pem
 }}}
 
@@ -111 +118 @@
 $ openssl s_client -CApath ~/.cert/www.transitionnetwork.org/ -connect www.transitionnetwork.org:443
 }}}
+
+And you should now output like above but with this at the end:
+
+{{{
+    Verify return code: 0 (ok)
+}}}
+