I have got a really strange problem I am trying to fix. I am working for a large student apartment complex where they sell internet access to their tenants at different speed tiers. When new tenants connect their computers to the network and open their browser and try to surf to a page on the internet there is a router that notices that it has not seen the MAC address of that computer before so it forwards them to the internet sign-up page. The internet sign-up page is an internal website running with SSL since we are processing credit cards to give network access. The problem I am seeing is that most browsers within the network report that the SSL certificate is not valid. If I visit the SSL website from outside of the internal network (or on a computer that has already been signed-up) I don't get any messages about the SSL certificate being invalid.
What appears to be happening is that since the machines inside the network don't have internet access until they sign up they cannot validate the SSL certificate. How is the certificate validated? Is there a specific server or group of servers (Certificate Authorities?) that are involved in the SSL certificate verification process?
If I know what servers the browser is trying to connect to in order to validate the SSL certificate I can unblock those servers on the router so that computers that have not signed-up for internet access can still verify that the SSL certificate is valid.
I really don't know how this SSL certificate verification process works and I can't find any information on Google. Any help is appreciated even if you can just point me to some related resources somewhere on the net.
Yep. Just Google "self-signed SSL certificate" for some instructions. We've done it for a couple of admin servers in-house. Some of the instructions are a little difficult to follow, but you can't beat the price ($0). :)
I found out what was going on... I didn't install the intermediate certificates that the SSL provider gave to me in Apache. After adding the following line it started working: SSLCertificateChainFile /etc/server/cert/intermediates.crt
Thanks for the help. I may look into using some self-signed certificates for other internal purposes.