Welcome to WebmasterWorld Guest from 54.226.194.180

Forum Moderators: phranque

Message Too Old, No Replies

Unique SSL Certificate Problem

     

lobo235

9:04 pm on Apr 30, 2009 (gmt 0)

10+ Year Member



I have got a really strange problem I am trying to fix. I am working for a large student apartment complex where they sell internet access to their tenants at different speed tiers. When new tenants connect their computers to the network and open their browser and try to surf to a page on the internet there is a router that notices that it has not seen the MAC address of that computer before so it forwards them to the internet sign-up page. The internet sign-up page is an internal website running with SSL since we are processing credit cards to give network access. The problem I am seeing is that most browsers within the network report that the SSL certificate is not valid. If I visit the SSL website from outside of the internal network (or on a computer that has already been signed-up) I don't get any messages about the SSL certificate being invalid.

What appears to be happening is that since the machines inside the network don't have internet access until they sign up they cannot validate the SSL certificate. How is the certificate validated? Is there a specific server or group of servers (Certificate Authorities?) that are involved in the SSL certificate verification process?

If I know what servers the browser is trying to connect to in order to validate the SSL certificate I can unblock those servers on the router so that computers that have not signed-up for internet access can still verify that the SSL certificate is valid.

I really don't know how this SSL certificate verification process works and I can't find any information on Google. Any help is appreciated even if you can just point me to some related resources somewhere on the net.

LifeinAsia

9:08 pm on Apr 30, 2009 (gmt 0)

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



You could setup a self-signed SSL certificate for use inside the LAN.

lobo235

9:48 pm on Apr 30, 2009 (gmt 0)

10+ Year Member



How would I get it to validate inside the network? Would I need to setup my own Certificate Authority (CA)?

LifeinAsia

10:31 pm on Apr 30, 2009 (gmt 0)

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Yep. Just Google "self-signed SSL certificate" for some instructions. We've done it for a couple of admin servers in-house. Some of the instructions are a little difficult to follow, but you can't beat the price ($0). :)

lobo235

2:48 pm on May 4, 2009 (gmt 0)

10+ Year Member



I found out what was going on... I didn't install the intermediate certificates that the SSL provider gave to me in Apache. After adding the following line it started working:

SSLCertificateChainFile /etc/server/cert/intermediates.crt

Thanks for the help. I may look into using some self-signed certificates for other internal purposes.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month