20 July, 2006

Rock Climbing

So I've been talking lately, amongst myself and with a few other people as well, about wanting to start doing some kind of physical activity on a regular basis again. I miss it. One of the more prevalent ideas I've had has been indoor rock climbing. It's been years since I've done it, and I loved it when I did.

Today, for work, I'm going to be going way the hell up into north Phoenix, way far away... so I pull up a map of where I'm going... look carefully.... look again... scratch my head, and say "Hey.. I recognize that area. I've seen a map talking about this location...", then it hits me like a donkey punch! That's right up there next to one of the rock gyms I used to go to! I think it's time for me to start making up excuses to go up to our co-location facility. Now I just need to find somebody to go climbing with me.

Anybody? Anybody? Bueller?

12 July, 2006

SSL woes

For those of you non-technical types, feel free to tune out now. I won't be offended. Honest. This is going to be quite a rant.

So I've got this job, right. And at this job, we do a lot of website hosting, some of these on "secure" (https) servers. For these servers and their hosted pages to work properly, I need an SSL certificate. Easy enough, right? Haha, I wish.

A couple weeks ago, it comes time that we need to order a new SSL certificate, for a new secure website. We go to Thawte, where we've ordered all of our certificates from before, place an order for a new one, and give them all the information they need. After numerous correspondences and far too much time wasted, it becomes glaringly obvious that we're not going to get a certificate from Thawte anytime soon. Alright, screw them, we'll go with the new trusted name on the internet, GoDaddy. They know what they're doing.

Don't they?

We place the order with GoDaddy and receive our new certificate almost immediately. Wonderful! I'm liking this already. Follow their instructions to install the certificate, all goes smoothly... but just to be safe, before I restart the web server, I run a "configtest", to make sure it likes it.

    $ sudo apache-sslctl configtest
    Syntax error on line 1213 of /etc/apache-ssl/httpd.conf:
    Invalid command 'SSLCertificateChainFile', perhaps mis-spelled or defined by a module not included in the server configuration

Wonderful. Doesn't work. Hmm well, what if I just comment that line out? Can't hurt too much, right? So I comment the line out.... run a configtest... it's okay! Groovy! Restart apache, and we're up and running! So I open up Firefox, go to the website, it's secured... no problems! Oh wait, just to be safe, I better check it in IE also. Open up IE... bring up the site... what? Can't verify the certificate? What the hell is this? Oh crap. That line that didn't work. GoDaddy provides an "intermediate" certificate for ... whatever stupid reason. That's great. Well, we can't have IE users always getting an error. This just will not do.

Time to call up GoDaddy support, see if they can help out. I talk to the general tech support girl .... she has no idea what I'm talking about, says she has to pass me on to SSL support. Alright, cool. They've got good hold music anyways. A whole bunch of swing/ska music.... I could stay on hold here all day! (And I nearly do....) Several songs and a good while later, I'm talking to an SSL support guy. I describe the problem to him... he thinks for a minute... asks a few basic questions.... and then decides that I need to re-generate the key.

Woah. Hold on. What?

I tell him the problem again. Still he insists that I should regenerate the key. Okay, I'll try a different approach. I ask him if GoDaddy can possibly create a key WITHOUT the intermediate key. Apparently this thought is blasphemous in his world, and quite an impossible feat. Lovely. I ask for his recommendation on the stipulation that our web server, for some reason, doesn't support using an intermediate key. "Uh.. well.. you should regenerate .... " oh wow, I can see this is getting nowhere fast. Okay okay, another approach.. quick. I ask him if he thinks I might need to upgrade OpenSSL. We've got a 0.9.7 version... that sounds relatively up to date, but I'm not sure how recent. Maybe this is just something not supported there. At which point he lays this whopper on me: Apparently, the GoDaddy servers, are running OpenSSL 1.3. Ahem. coughcough.
The current version is available from http://www.openssl.org. OpenSSL 0.9.8b was released on May 4th, 2006.
Well hello Mr. Future Man! What's it like to be in the year 2025? I'm done with this fool. GoDaddy's support is USELESS. I guess I'll have to do some more creative Googling. Eventually, I come across this site. Exactly what I've been needing from the beginning. This confirms my suspicions that GoDaddy's documentation and tech support are lacking. We're using another (apparently widely used) SSL package. And what it all comes down to is changing the directive for that line. So instead of having "SSLCertificateChainFile", I use "SSLCACertificateFile" .... and then it works perfectly! Shiny!

*sigh* The trials of working in an undocumented environment.
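
Why the site failed to verify once the chain line was commented out, as an added example (not part of the original post and not GoDaddy's or Apache's own code): it builds a throwaway root, intermediate and server certificate with the openssl command line, then verifies the server certificate with only the root trusted and again with the intermediate supplied, which is the job the chain directive does on the server. All file names, common names and function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a certificate issued by an intermediate CA only verifies
# when the intermediate is available to the client. Requires the openssl CLI.

new_csr() {  # $1 = path prefix, $2 = common name (constructed)
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_chain() {  # $1 = empty working directory
  printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
  # Self-signed root: the only certificate the client trusts.
  new_csr "$1/root" "Constructed Root CA"
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 2 \
    -extfile "$1/ca.ext" -out "$1/root.pem" 2>/dev/null
  # Intermediate CA, signed by the root.
  new_csr "$1/int" "Constructed Intermediate CA"
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 2 -extfile "$1/ca.ext" -out "$1/int.pem" 2>/dev/null
  # Server certificate, signed by the intermediate (not by the root).
  new_csr "$1/leaf" "www.example.test"
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -CAcreateserial -days 2 -out "$1/leaf.pem" 2>/dev/null
}

verify_leaf() {  # $1 = directory, $2 = root-only | with-intermediate
  if [ "$2" = with-intermediate ]; then
    # -untrusted stands in for the chain file the web server would send.
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem"
  else
    # Server sends only its own certificate: no path to the trusted root.
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem"
  fi >/dev/null 2>&1 && echo OK || echo FAIL
}

workdir=$(mktemp -d)
build_chain "$workdir"
echo "server sends leaf only:         $(verify_leaf "$workdir" root-only)"
echo "server sends leaf+intermediate: $(verify_leaf "$workdir" with-intermediate)"
```

Against a live server, `openssl s_client -connect HOST:443 -showcerts` (HOST is a placeholder) lists the certificates actually sent; if only the server certificate appears, the chain directive is not taking effect.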

10 July, 2006

Crazy times...

Ah, the joys of drinking with old punks. Good times.

I'm so surprised they still let us come back to this place. I'm also quite surprised he made it to work today.

05 July, 2006


That's what I did with my 4th of July.
How about you?