[hunchentoot-devel] Chained SSL-certificates support

Semion Prihodko semion.ababo at gmail.com
Wed Sep 1 12:01:43 UTC 2010 

forgot to attach certificates. here.

2010/9/1 Semion Prihodko <semion.ababo at gmail.com>

> The code is very simple.
>
> ;; begin of new code
> (cl+ssl:reload)
> (cl+ssl:use-certificate-chain-file "mysite.cer") ; my site
> (cl+ssl:use-certificate-chain-file "geotrust.cer") ; intermediate
> (cl+ssl:use-certificate-chain-file "geotrust+.cer") ; root
> ;; end of new code
>
> (make-instance 'ssl-acceptor
>                        :ssl-certificate-file (car ssl-security)
>                        :ssl-privatekey-file (cdr ssl-security)
>                        :port (get-config-value :website-port))
>
>
> 2010/9/1 Hans Hübner <hans.huebner at gmail.com>
>
> Semion,
>>
>> can you please supply us with a minimal test case and pointers to the
>> certificate files that you have tried?
>>
>> Thanks,
>> Hans
>>
>> On Wed, Sep 1, 2010 at 12:40, Semion Prihodko <semion.ababo at gmail.com>
>> wrote:
>> > Hi guys,
>> > I built a website which runs on Hunchentoot. Now it's time to buy
>> > ssl-certificate. When I downloaded QuickSSL Trial cert I found out that
>> not
>> > all the browsers accept it. After a little research I found out that
>> there
>> > is another certificate must be installed. This means it's a "chain root
>> > certificate", not a "single root". But it seems Hunchentoot has no
>> > capability to work with chained certificates. CL+SSL has an interesting
>> > function called USE-CERTIFICATE-CHAIN-FILE, but when I use it before
>> > creation of my ssl-acceptor the second doesn't respond to browsers. What
>> can
>> > I do in order to fix this issue? Thanks in advance.
>> > _______________________________________________
>> > tbnl-devel site list
>> > tbnl-devel at common-lisp.net
>> > http://common-lisp.net/mailman/listinfo/tbnl-devel
>> >
>>
>> _______________________________________________
>> tbnl-devel site list
>> tbnl-devel at common-lisp.net
>> http://common-lisp.net/mailman/listinfo/tbnl-devel
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20100901/8e591f49/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mysite.cer
Type: application/octet-stream
Size: 1828 bytes
Desc: not available
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20100901/8e591f49/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: geotrust.cer
Type: application/octet-stream
Size: 1462 bytes
Desc: not available
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20100901/8e591f49/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: geotrust+.cer
Type: application/octet-stream
Size: 1236 bytes
Desc: not available
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20100901/8e591f49/attachment-0002.obj>

More information about the Tbnl-devel mailing list