homepage Welcome to WebmasterWorld Guest from 23.20.63.27
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

    
Unique SSL Certificate Problem
lobo235




msg:3904414
 9:04 pm on Apr 30, 2009 (gmt 0)

I have got a really strange problem I am trying to fix. I am working for a large student apartment complex where they sell internet access to their tenants at different speed tiers. When new tenants connect their computers to the network and open their browser and try to surf to a page on the internet there is a router that notices that it has not seen the MAC address of that computer before so it forwards them to the internet sign-up page. The internet sign-up page is an internal website running with SSL since we are processing credit cards to give network access. The problem I am seeing is that most browsers within the network report that the SSL certificate is not valid. If I visit the SSL website from outside of the internal network (or on a computer that has already been signed-up) I don't get any messages about the SSL certificate being invalid.

What appears to be happening is that since the machines inside the network don't have internet access until they sign up they cannot validate the SSL certificate. How is the certificate validated? Is there a specific server or group of servers (Certificate Authorities?) that are involved in the SSL certificate verification process?

If I know what servers the browser is trying to connect to in order to validate the SSL certificate I can unblock those servers on the router so that computers that have not signed-up for internet access can still verify that the SSL certificate is valid.

I really don't know how this SSL certificate verification process works and I can't find any information on Google. Any help is appreciated even if you can just point me to some related resources somewhere on the net.

 

LifeinAsia




msg:3904419
 9:08 pm on Apr 30, 2009 (gmt 0)

You could setup a self-signed SSL certificate for use inside the LAN.

lobo235




msg:3904450
 9:48 pm on Apr 30, 2009 (gmt 0)

How would I get it to validate inside the network? Would I need to setup my own Certificate Authority (CA)?

LifeinAsia




msg:3904484
 10:31 pm on Apr 30, 2009 (gmt 0)

Yep. Just Google "self-signed SSL certificate" for some instructions. We've done it for a couple of admin servers in-house. Some of the instructions are a little difficult to follow, but you can't beat the price ($0). :)

lobo235




msg:3906376
 2:48 pm on May 4, 2009 (gmt 0)

I found out what was going on... I didn't install the intermediate certificates that the SSL provider gave to me in Apache. After adding the following line it started working:

SSLCertificateChainFile /etc/server/cert/intermediates.crt

Thanks for the help. I may look into using some self-signed certificates for other internal purposes.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved