[hunchentoot-devel] Chained SSL-certificates support

Vsevolod Dyomkin vseloved at gmail.com
Wed Sep 1 12:09:54 UTC 2010


Hi Semion,

you can put all your certificates in one file, first root, then
intermediate, then your site.  It should work that way.

Best regards,
Vsevolod


On Wed, Sep 1, 2010 at 2:58 PM, Semion Prihodko <semion.ababo at gmail.com> wrote:

> The code is very simple.
>
> ;; begin of new code
> (cl+ssl:reload)
> (cl+ssl:use-certificate-chain-file "mysite.cer") ; my site
> (cl+ssl:use-certificate-chain-file "geotrust.cer") ; intermediate
> (cl+ssl:use-certificate-chain-file "geotrust+.cer") ; root
> ;; end of new code
>
> (make-instance 'ssl-acceptor
>                :ssl-certificate-file (car ssl-security)
>                :ssl-privatekey-file (cdr ssl-security)
>                :port (get-config-value :website-port))
>
>
> 2010/9/1 Hans Hübner <hans.huebner at gmail.com>
>
>> Semion,
>>
>> can you please supply us with a minimal test case and pointers to the
>> certificate files that you have tried?
>>
>> Thanks,
>> Hans
>>
>> On Wed, Sep 1, 2010 at 12:40, Semion Prihodko <semion.ababo at gmail.com> wrote:
>> > Hi guys,
>> > I built a website which runs on Hunchentoot. Now it's time to buy
>> > an ssl-certificate. When I downloaded QuickSSL Trial cert I found out that
>> > not all the browsers accept it. After a little research I found out that
>> > there is another certificate that must be installed. This means it's a
>> > "chain root certificate", not a "single root". But it seems Hunchentoot has
>> > no capability to work with chained certificates. CL+SSL has an interesting
>> > function called USE-CERTIFICATE-CHAIN-FILE, but when I use it before
>> > creation of my ssl-acceptor the second doesn't respond to browsers. What
>> > can I do in order to fix this issue? Thanks in advance.
>> > _______________________________________________
>> > tbnl-devel site list
>> > tbnl-devel at common-lisp.net
>> > http://common-lisp.net/mailman/listinfo/tbnl-devel
>> >
>
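
An added example, not code from this thread or from Hunchentoot or CL+SSL: OpenSSL's documentation for `SSL_CTX_use_certificate_chain_file` asks for the server's own certificate first, then the intermediates, ending at the root, and this Python check reports which order a combined PEM file is in by matching issuer and subject names. It assumes `cl+ssl:use-certificate-chain-file` hands the file to that OpenSSL call; the function names and the sample certificates are constructed for illustration.

```python
import base64, re

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER of the issuer and subject Name fields of one certificate."""
    _, pos, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)              # tbsCertificate SEQUENCE
    fields = []                             # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = _tlv(der, pos)
        if tag != 0xA0:                     # skip the optional [0] version
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def bundle_order(pem_text):
    """Order of a PEM bundle by issuer/subject names alone (signatures are not checked)."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                        pem_text, re.S)
    names = [issuer_and_subject(base64.b64decode("".join(b.split()))) for b in blocks]
    if len(names) < 2:
        return "single"
    if all(a[0] == b[1] for a, b in zip(names, names[1:])):   # each issued by the next
        return "leaf-first"
    if all(a[1] == b[0] for a, b in zip(names, names[1:])):   # each issued the next
        return "root-first"
    return "unordered"

def _der(tag, *parts):                      # short-form lengths only: sample data is tiny
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_pem(subject, issuer):
    """Constructed stand-in with a certificate's field layout; not a signed certificate."""
    name = lambda cn: _der(0x30, _der(0x0C, cn.encode()))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")), _der(0x02, b"\x01"), _der(0x30),
               name(issuer), _der(0x30), name(subject))
    b64 = base64.b64encode(_der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

SITE, INTERMEDIATE, ROOT = (sample_pem(s, i) for s, i in   # constructed sample chain
    [("site", "intermediate"), ("intermediate", "root"), ("root", "root")])
```

Pass the text of the combined file to `bundle_order`; a result of `unordered` means at least one adjacent pair of certificates does not chain by name.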