Cherokee Web-Server SSL Setup
Over the last couple of days we have been running into quite a few issues with online surveys regarding our SSL certificate in Internet Explorer 6. Once we made sure all of the media on our site was coming from a valid SSL source, our certificates worked fine on all browsers aside from the dreaded IE6. Though this is becoming less and less of a concern to many people, we here at FluidSurveys still work hard to support those die-hard fans who for whatever reason refuse to give up the browser war and continue to side with the six.
Initially, we thought we had it set up properly by following a mix of instructions for other web servers, such as apache and IIS, figuring out proper configuration through trial and error and we thought we had it all working. This was great until we noticed a pop-up in IE6 stating “The security certificate was issued by a company you have chosen not to trust. View the certificate to determine whether you want to trust the certifying authority.” After looking in to this message, I had determined that this message was caused by not having the intermediate certificate and root certificate installed properly with Cherokee. Simple enough, right? I checked with our certificate issuer and they had instructions for installing these certificates for what seemed like every web server but Cherokee web-server. From the Apache instructions I knew I was looking for the equivalent of the SSLCertificateChainFile which would provide the full chain of certificates from ours, back down to the root certificate.
After trying many things, and contacting godaddy, who told me they did not support Cherokee, I finally managed to figure out how to get it to work. The answer is pretty simple, if you follow the rest of the directions about setting up SSL with Cherokee, pointing your virtual server to the correct ssl certificate (Ours was fluidsurveys.com.crt) and the proper key (fluidsurveys.com.key) there was no place to input the gd_bundle.crt (The inermediate certificate package that godaddy provided us). The solution is to combine your site certificate (fluidsurveys.com.key) with your bundle certificate, root certificate, or intermediate certificates. To do this, simply make a backup of your site certificate (fluidsurveys.com.crt), then cat the intermediate bundle with the original site certificate. “cat gd_bundle.crt >> fluidsurveys.com.crt” This should now solve your issue with IE6 not recognizing the issuer of your SSL certificate.
Latest posts by Aydin Mirzaee (see all)
- We’ll be in Toronto this Wednesday the 19th – let’s meet up! - June 17, 2013
- iPad Contest – and the Winners Are… - June 4, 2012
- Enter to Win the New iPad – 2 Easy Steps! Or Win a Trendy FluidSurveys T-Shirt! - May 14, 2012
- Last 5 Seats for Wednesday’s Webinar! – The secret to getting the right respondents - April 10, 2012