[hunchentoot-devel] Chained SSL-certificates support

Semion Prihodko semion.ababo at gmail.com
Wed Sep 1 12:10:10 UTC 2010


I have sent them to u.

2010/9/1 Hans Hübner <hans.huebner at gmail.com>

> Please post links to the certificates, too.  Thanks.
>
> On Wed, Sep 1, 2010 at 13:58, Semion Prihodko <semion.ababo at gmail.com>
> wrote:
> > The code is very simple.
> > ;; begin of new code
> > (cl+ssl:reload)
> > (cl+ssl:use-certificate-chain-file "mysite.cer") ; my site
> > (cl+ssl:use-certificate-chain-file "geotrust.cer") ; intermediate
> > (cl+ssl:use-certificate-chain-file "geotrust+.cer") ; root
> > ;; end of new code
> > (make-instance 'ssl-acceptor
> >                        :ssl-certificate-file (car ssl-security)
> >                        :ssl-privatekey-file (cdr ssl-security)
> >                        :port (get-config-value :website-port))
> >
> > 2010/9/1 Hans Hübner <hans.huebner at gmail.com>
> >>
> >> Semion,
> >>
> >> can you please supply us with a minimal test case and pointers to the
> >> certificate files that you have tried?
> >>
> >> Thanks,
> >> Hans
> >>
> >> On Wed, Sep 1, 2010 at 12:40, Semion Prihodko <semion.ababo at gmail.com>
> >> wrote:
> >> > Hi guys,
> >> > I built a website which runs on Hunchentoot. Now it's time to buy
> >> > ssl-certificate. When I downloaded QuickSSL Trial cert I found out
> that
> >> > not
> >> > all the browsers accept it. After a little research I found out that
> >> > there
> >> > is another certificate must be installed. This means it's a "chain
> root
> >> > certificate", not a "single root". But it seems Hunchentoot has no
> >> > capability to work with chained certificates. CL+SSL has an
> interesting
> >> > function called USE-CERTIFICATE-CHAIN-FILE, but when I use it before
> >> > creation of my ssl-acceptor the second doesn't respond to browsers.
> What
> >> > can
> >> > I do in order to fix this issue? Thanks in advance.
> >> > _______________________________________________
> >> > tbnl-devel site list
> >> > tbnl-devel at common-lisp.net
> >> > http://common-lisp.net/mailman/listinfo/tbnl-devel
> >> >
> >>
> >> _______________________________________________
> >> tbnl-devel site list
> >> tbnl-devel at common-lisp.net
> >> http://common-lisp.net/mailman/listinfo/tbnl-devel
> >
> >
> > _______________________________________________
> > tbnl-devel site list
> > tbnl-devel at common-lisp.net
> > http://common-lisp.net/mailman/listinfo/tbnl-devel
> >
>
> _______________________________________________
> tbnl-devel site list
> tbnl-devel at common-lisp.net
> http://common-lisp.net/mailman/listinfo/tbnl-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20100901/fbf7fee8/attachment.html>


More information about the Tbnl-devel mailing list