[hunchentoot-devel] Chained SSL-certificates support

[Semion Prihodko]

The code is very simple.

;; begin of new code
(cl+ssl:reload)
(cl+ssl:use-certificate-chain-file "mysite.cer") ; my site
(cl+ssl:use-certificate-chain-file "geotrust.cer") ; intermediate
(cl+ssl:use-certificate-chain-file "geotrust+.cer") ; root
;; end of new code

(make-instance 'ssl-acceptor
                       :ssl-certificate-file (car ssl-security)
                       :ssl-privatekey-file (cdr ssl-security)
                       :port (get-config-value :website-port))


2010/9/1 Hans Hübner <hans.huebner at gmail.com>

> Semion,
>
> can you please supply us with a minimal test case and pointers to the
> certificate files that you have tried?
>
> Thanks,
> Hans
>
> On Wed, Sep 1, 2010 at 12:40, Semion Prihodko <semion.ababo at gmail.com>
> wrote:
> > Hi guys,
> > I built a website which runs on Hunchentoot. Now it's time to buy
> > ssl-certificate. When I downloaded QuickSSL Trial cert I found out that
> not
> > all the browsers accept it. After a little research I found out that
> there
> > is another certificate must be installed. This means it's a "chain root
> > certificate", not a "single root". But it seems Hunchentoot has no
> > capability to work with chained certificates. CL+SSL has an interesting
> > function called USE-CERTIFICATE-CHAIN-FILE, but when I use it before
> > creation of my ssl-acceptor the second doesn't respond to browsers. What
> can
> > I do in order to fix this issue? Thanks in advance.
> > _______________________________________________
> > tbnl-devel site list
> > tbnl-devel at common-lisp.net
> > http://common-lisp.net/mailman/listinfo/tbnl-devel
> >
>
> _______________________________________________
> tbnl-devel site list
> tbnl-devel at common-lisp.net
> http://common-lisp.net/mailman/listinfo/tbnl-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20100901/94fe0dfc/attachment.html>