how to apply ssl certificates to aol server in tcl script?

Question

using https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=3&nav=0,33 I generated "server.csr" to further create public certificate. then i got two encrypted keys. I tried to make changes in the config.tcl accordingly but still the project-open application is pointing to local certificates. particial code of config.tcl in which i made changes as follows:

ns_section ns/server/${server}/module/nsopenssl/sslcontexts
ns_param users "SSL context used for regular user access"
ns_section ns/server/${server}/module/nsopenssl/defaults
ns_param server users
ns_section ns/server/${server}/module/nsopenssl/sslcontext/users
ns_param Role server
ns_param ModuleDir ${serverroot}/etc/certs/
ns_param CertFile newcert.pem
ns_param KeyFile keyfile.pem
ns_param CADir ca
ns_param CAFile shipo_cert.txt
ns_param Protocols "SSLv2, SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false

shipo_cert.txt is the certificate provided along with one more certificate shipo_interm.txt.

I searched and tried my best but couldn't do it. please help me out in this.

P.S. the project-open instance is already working with self signed certificate using openssl. but my organization wants it to run with the certificates they are providing

Have you packed your private key and the signed public key, together with the CA keychain, into a `.p12` file yet? — Donal Fellows, Apr 16 '14 at 12:21

score 2 · Accepted Answer · answered Apr 17 '14 at 04:53

DF > Have you packed your private key and the signed public key,
DF > together with the CA keychain, into a .p12 file yet? 
Victor > how to do that? please guide me through

This has been answered previously at Adding an intermediate certificates to a pkcs12 file in JBoss.

Assuming you have a certificate and private key for example.com:

openssl pkcs12 -export -in www-example-com.crt -inkey www.example.key -out www-example-com.p12

Be sure your certificate (www-example-com.crt above) has all the intermediate certificates required to build a valid chain; and not just the server's certificate. That means www-example-com.crt will have multiple PEM entries.

Test it with the following. ca.pem is your CA's root certificate.

echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect example.com:443 -CAfile ca.pem

You should finish with Verify return code: 0 (ok).

how to apply ssl certificates to aol server in tcl script?

1 Answers1