[hunchentoot-devel] Chained SSL-certificates support

Semion Prihodko semion.ababo at gmail.com
Wed Sep 1 12:59:06 UTC 2010 

No, in that case I get ERR_SSL_PROTOCOL_ERROR

2010/9/1 Vsevolod Dyomkin <vseloved at gmail.com>

> Hi Semion,
>
> you can put all your certificates in one file, first root, then
> intermediate, then your site.  It should work that way
>
> Best regargs,
> Vsevolod
>
>
>
> On Wed, Sep 1, 2010 at 2:58 PM, Semion Prihodko <semion.ababo at gmail.com>wrote:
>
>> The code is very simple.
>>
>> ;; begin of new code
>> (cl+ssl:reload)
>> (cl+ssl:use-certificate-chain-file "mysite.cer") ; my site
>> (cl+ssl:use-certificate-chain-file "geotrust.cer") ; intermediate
>> (cl+ssl:use-certificate-chain-file "geotrust+.cer") ; root
>> ;; end of new code
>>
>> (make-instance 'ssl-acceptor
>>                        :ssl-certificate-file (car ssl-security)
>>                        :ssl-privatekey-file (cdr ssl-security)
>>                        :port (get-config-value :website-port))
>>
>>
>> 2010/9/1 Hans Hübner <hans.huebner at gmail.com>
>>
>> Semion,
>>>
>>> can you please supply us with a minimal test case and pointers to the
>>> certificate files that you have tried?
>>>
>>> Thanks,
>>> Hans
>>>
>>> On Wed, Sep 1, 2010 at 12:40, Semion Prihodko <semion.ababo at gmail.com>
>>> wrote:
>>> > Hi guys,
>>> > I built a website which runs on Hunchentoot. Now it's time to buy
>>> > ssl-certificate. When I downloaded QuickSSL Trial cert I found out that
>>> not
>>> > all the browsers accept it. After a little research I found out that
>>> there
>>> > is another certificate must be installed. This means it's a "chain root
>>> > certificate", not a "single root". But it seems Hunchentoot has no
>>> > capability to work with chained certificates. CL+SSL has an interesting
>>> > function called USE-CERTIFICATE-CHAIN-FILE, but when I use it before
>>> > creation of my ssl-acceptor the second doesn't respond to browsers.
>>> What can
>>> > I do in order to fix this issue? Thanks in advance.
>>> > _______________________________________________
>>> > tbnl-devel site list
>>> > tbnl-devel at common-lisp.net
>>> > http://common-lisp.net/mailman/listinfo/tbnl-devel
>>> >
>>>
>>> _______________________________________________
>>> tbnl-devel site list
>>> tbnl-devel at common-lisp.net
>>> http://common-lisp.net/mailman/listinfo/tbnl-devel
>>>
>>
>>
>> _______________________________________________
>> tbnl-devel site list
>> tbnl-devel at common-lisp.net
>> http://common-lisp.net/mailman/listinfo/tbnl-devel
>>
>
>
> _______________________________________________
> tbnl-devel site list
> tbnl-devel at common-lisp.net
> http://common-lisp.net/mailman/listinfo/tbnl-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20100901/83eacf58/attachment.html>

More information about the Tbnl-devel mailing list