[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Free SSL-Certificates from StartCom Ltd.



BlueStar88 schrieb:
> "...On the 24th of December we updated our Intermediate CA certificates
> and added a few needed extension to the original certificate. The public
> key however did not change and all subscriber certificates are perfectly
> valid. Please follow the instructions below to update your Intermediate
> CA certificate..." [1]

No problem! The Intermediate CA certificates may be integrated in your
apache configuration (or lighttpd or ....). Small example for apache2:

 <VirtualHost .....:443>

    # SSL configuration
    SSLEngine On
    SSLCipherSuite HIGH
    SSLCertificateFile      /.../ssl.crt       # your public cert
    SSLCertificateKeyFile   /.../sss.key       # your private key
    SSLCertificateChainFile   /.../sub.ca.crt  # update on 24th Dec!
    SSLCACertificateFile     /.../ca.crt       # CA root cert

 ....
 </VirtualHost>

The CA Root Certificate is not changed and this one is trusted by
Mozilla by default. If the admin of the server does a good job and
update the certificates on 24th of December, the hole certification
chain may be verified in future too.

The Intermediate CA certificates have not to be integrated in the
clients, if the server admin has done a good job. (But I know, not all
server admins have the hole certification chain in the configuration.)

I think, Mozilla becames an update too and so all configurations will
work in future.