[Modules] mod_gnutls VirtualHost with properly signed certificates
Brenton Taylor
brentontaylor5 at yahoo.com.au
Sun Mar 14 13:22:14 EDT 2010
On 14/03/10 10:57, Brenton Taylor wrote:
> Hello everyone,
>
> I can't seem to find any good documentation on the internet that can
> explain how to use properly signed certificates with GnuTLS in my
> VirtualHost files.
>
> Distro: Debian lenny
> Apache/2.2.9
> mod gnutls
>
>
> This works good with a self signed certificate:
>
> <VirtualHost *:443>
> GnuTLSEnable on
> ServerName www.brentontaylor.net.au
> GnuTLSPriorities NORMAL
> GnuTLSCertificateFile "/etc/ssl/certs/www.brentontaylor.net.au.crt"
> GnuTLSKeyFile "/etc/ssl/certs/www.brentontaylor.net.au.key"
> DocumentRoot "/var/www/store/it"
> </VirtualHost>
>
> But I need to convert the following to work with GnuTLS
>
> <VirtualHost *:443>
> SSLEngine On
> SSLProtocol all -SSLv2
> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
> SSLCertificateFile "/etc/ssl/certs/www.brentontaylor.com.au.crt"
> SSLCertificateKeyFile "/etc/ssl/certs/www.brentontaylor.com.au.no_enc.key"
> SSLCertificateChainFile "/etc/ssl/certs/www.brentontaylor.com.au.sub.class1.server.ca.pem"
> SSLCACertificateFile "/etc/ssl/certs/www.brentontaylor.com.au.ca.pem"
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> ServerName www.brentontaylor.net.au
> DocumentRoot "/var/www/store/it"
> </VirtualHost>
>
> Regards,
> Brenton Taylor
>
> PS: this is the second time I've used a mailing list :)

Hello again, I'm replying to my message, found the solution :)

cat the files you use for "SSLCertificateFile" and
"SSLCertificateChainFile" in that order to get the "GnuTLSCertificateFile"

cat /etc/ssl/certs/www.brentontaylor.com.au.crt \
    /etc/ssl/certs/www.brentontaylor.com.au.sub.class1.server.ca.pem \
    > /etc/ssl/certs/www.brentontaylor.com.au.cat.pem

<VirtualHost *:443>
GnuTLSEnable on
ServerName www.brentontaylor.com.au
GnuTLSPriorities NORMAL
GnuTLSCertificateFile "/etc/ssl/certs/www.brentontaylor.com.au.cat.pem"
GnuTLSKeyFile "/etc/ssl/certs/www.brentontaylor.com.au.no_enc.key"
GnuTLSClientCAFile "/etc/ssl/certs/www.brentontaylor.com.au.ca.pem"
DocumentRoot "/var/www/store/it"
</VirtualHost>

Regards,
Brenton Taylor
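
An added example, not part of the original post or of mod_gnutls: a shell wrapper around the `cat` step above that first checks, with the `openssl` CLI, that the chain file begins with the server certificate's issuer and that the private key belongs to the certificate. The function names and the demo subject names are made up for illustration.

```sh
#!/bin/sh
# Added example: validate the inputs, then build the GnuTLSCertificateFile bundle.
# Function names and the demo subject names are constructed for illustration.

# check_pair LEAF CHAIN KEY
# Returns 0 if OK, 1 if CHAIN does not start with LEAF's issuer,
# 2 if KEY is not LEAF's private key, 3 if a file cannot be parsed.
check_pair() {
    # openssl x509 only reads the first certificate in a PEM file.
    issuer=$(openssl x509 -noout -issuer_hash -in "$1" 2>/dev/null) || return 3
    subject=$(openssl x509 -noout -subject_hash -in "$2" 2>/dev/null) || return 3
    [ "$issuer" = "$subject" ] || {
        echo "chain file does not start with the certificate's issuer" >&2
        return 1
    }
    certpub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 3
    keypub=$(openssl pkey -pubout -in "$3" 2>/dev/null) || return 3
    [ "$certpub" = "$keypub" ] || {
        echo "private key does not match the certificate" >&2
        return 2
    }
}

# build_bundle LEAF CHAIN KEY OUT
# Writes LEAF followed by CHAIN to OUT, but only after check_pair passes.
build_bundle() {
    check_pair "$1" "$2" "$3" || return $?
    # Server certificate first, then the chain file, as in the post.
    cat "$1" "$2" > "$4.tmp" && mv "$4.tmp" "$4"
}

# make_demo_chain DIR
# Creates a constructed, throwaway issuing CA and server certificate in DIR.
make_demo_chain() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Issuing CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.crt" 2>/dev/null
}
```

Call `build_bundle` with the certificate, chain and key paths from the old `SSL*` directives and point `GnuTLSCertificateFile` at the output file.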