Welcome to WebmasterWorld Guest from 54.145.53.251

Forum Moderators: phranque

Message Too Old, No Replies

Unique SSL Certificate Problem

     
9:04 pm on Apr 30, 2009 (gmt 0)

Full Member

10+ Year Member

joined:Aug 8, 2003
posts: 232
votes: 0


I have got a really strange problem I am trying to fix. I am working for a large student apartment complex where they sell internet access to their tenants at different speed tiers. When new tenants connect their computers to the network and open their browser and try to surf to a page on the internet there is a router that notices that it has not seen the MAC address of that computer before so it forwards them to the internet sign-up page. The internet sign-up page is an internal website running with SSL since we are processing credit cards to give network access. The problem I am seeing is that most browsers within the network report that the SSL certificate is not valid. If I visit the SSL website from outside of the internal network (or on a computer that has already been signed-up) I don't get any messages about the SSL certificate being invalid.

What appears to be happening is that since the machines inside the network don't have internet access until they sign up they cannot validate the SSL certificate. How is the certificate validated? Is there a specific server or group of servers (Certificate Authorities?) that are involved in the SSL certificate verification process?

If I know what servers the browser is trying to connect to in order to validate the SSL certificate I can unblock those servers on the router so that computers that have not signed-up for internet access can still verify that the SSL certificate is valid.

I really don't know how this SSL certificate verification process works and I can't find any information on Google. Any help is appreciated even if you can just point me to some related resources somewhere on the net.

9:08 pm on Apr 30, 2009 (gmt 0)

Moderator from US 

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 10, 2005
posts:5550
votes: 24


You could setup a self-signed SSL certificate for use inside the LAN.
9:48 pm on Apr 30, 2009 (gmt 0)

Full Member

10+ Year Member

joined:Aug 8, 2003
posts: 232
votes: 0


How would I get it to validate inside the network? Would I need to setup my own Certificate Authority (CA)?
10:31 pm on Apr 30, 2009 (gmt 0)

Moderator from US 

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 10, 2005
posts:5550
votes: 24


Yep. Just Google "self-signed SSL certificate" for some instructions. We've done it for a couple of admin servers in-house. Some of the instructions are a little difficult to follow, but you can't beat the price ($0). :)
2:48 pm on May 4, 2009 (gmt 0)

Full Member

10+ Year Member

joined:Aug 8, 2003
posts: 232
votes: 0


I found out what was going on... I didn't install the intermediate certificates that the SSL provider gave to me in Apache. After adding the following line it started working:

SSLCertificateChainFile /etc/server/cert/intermediates.crt

Thanks for the help. I may look into using some self-signed certificates for other internal purposes.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members