Hello,

I'm having som troubles installing the Entrust "chain" certificate on a RAQ3. The instructions are at:

http://www.entrust.net/tech/apachemod_ssl/install.htm#chaincert

In particular, it says:

Save the certificate in the directory identified by the SSLCACertificatePath entry (in "httpd.conf")

I can't find any reference to SSLCACertificatePath in httpd.conf. Has anyone been able to figure out how to install this?

The certificate seems to work fine in Internet Explorer, as the Entrust Root Key is in the browser. But, for older browsers, e.g. Netscape 4.7, I get warnings, and presumably this Chain certificate signed by Thawte allows the Entrust key to be recognized properly.

Any help would be greatly appreciated.

Sincerely,

George Kirikos
http://www.kirikos.com

Hello,

Just for the archives, the problem is now solved, thanks to some help from Entrust and Cobalt.

The solution is as follows:

1. Copy the chain certificate file provided by entrust to:
/etc/httpd/conf/entrustchaincert.txt (or another convenient location)

2. Edit the httpd.conf file so that there is a line in the SSL section as:

SSLCACertificateFile /etc/httpd/conf/entrustchaincert.txt

3. Restart httpd.

Now when opening in old versions of Netscape or IE, it contains the
correct certification path (Thawte-->Entrust-->my website), and there
are no ugly warnings.

By the way, for the instructions at:

http://www.entrust.net/tech/apachemod_ssl/install.htm#chaincert

I did not have to do any of the steps 1 through 7. I just needed to add
the above line (and install using the Cobalt RAQ admin screens, pasting
in the certificate for the website itself).

Hopefully this works in a RAQ4 too, so that other Tucows resellers have no problems installing the Tucows/Entrust web certificates.

If you want to see what they look like, try going to:

https://www.loffs.com/

There are no warnings at all, even with older browsers. Woohoo!! :)

Sincerely,

George Kirikos
http://www.kirikos.com/

Originally posted by GeorgeK

1. Copy the chain certificate file provided by entrust to:
/etc/httpd/conf/entrustchaincert.txt (or another convenient location)

2. Edit the httpd.conf file so that there is a line in the SSL section as:

SSLCACertificateFile /etc/httpd/conf/entrustchaincert.txt

3. Restart httpd.

I recently purchased a certificate from entrust and followed the above instructions but still get the ugly messages from netscape. Entrust root certificate was installed as entrustchaincert.txt.

Can anyone give pointers?

Ja

Did you get the Entrust.net directly from Entrust or through a reseller? I am trying to find Entrust resellers instead of paying the full retail price.

Isn't Entrust a Root?