[BlueOnyx:07035] Re: Missing "Enable SSL" box

Michael Stauber mstauber at blueonyx.it
Thu Apr 14 13:55:09 -05 2011 

Hi all,

> > The certificate is now in place and it still does not show the box.
> > [...] As I said there is a certificate and it works in the browser
> > so Chris and I are scratching our heads.
> 
> Yeah, I can imagine! That's a bit unusual. :o/

OK, I found the problem with the SSL certificate and it was as follows:

When there is a certificate in the /certs directory, or if you create one 
(self signed or real), or when you import one (self signed or real), the GUI 
reads the cert to fetch some info from it for storage into CODB and for 
display in the GUI.

The info is then stored into CODB. In your case /var/log/messages reported an 
error when it tried to do that:

Apr 14 11:46:36 XX cced(smd)[25979]: client 6:[0:25977]: SET  481 . SSL email 
= "" country = "" orgUnit = "Domain Validated" orgName = "www.XXX.com" city = 
"" expires = "Apr 13 2012 23:59:59 GMT" state = "" 

Apr 14 11:46:36 XX cced(smd)[25979]: client 6:[0:25977]: SET 481.SSL failed 
(-5)

So I tried to replicate the storage procedure with CCEclient to get a better 
idea what it was complaining about:

[root at XX certs]# /usr/sausalito/bin/cceclient 
100 CSCP/0.80
200 READY
SET  481 . SSL email = "" country = "" orgUnit = "Domain Validated" orgName = 
"www.XXX.com" city = "" expires = "Apr 13 2012 23:59:59 GMT" state = ""
302 BAD DATA 481 country "[[base-ssl.country_invalid]]"
401 FAIL

So it was complaining that the field "country" was unspecified.

I then manually set the country to "USA" and submitted the info again with 
CCEclient:

SET  481 . SSL email = "" orgUnit = "Domain Validated" orgName = "www.XXX.com" 
city = "" expires = "Apr 13 2012 23:59:59 GMT" state = "USA"
201 OK

That then went through just fine and the SSL certificate then showed up in the 
GUI.

This then allowed me to enable the SSL certificate by ticking the checkbox.

I'll publish an update to base-ssl.mod to set a default country in case that 
field is missing. However, it shouldn't be missing in first place. How that 
happend I have no real idea.

-- 
With best regards

Michael Stauber
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20110414/d73eca2e/attachment.html>

More information about the Blueonyx mailing list