- To: outages-list@eskimo.com
- Subject: WWW reboot, SSL certificate updated
- From: "Eric T. Jorgensen" <ericj@eskimo.com>
- Date: Wed, 1 Nov 2000 21:44:25 -0800 (PST)
- Resent-Date: Wed, 1 Nov 2000 21:44:28 -0800
- Resent-From: outages-list@eskimo.com
- Resent-Message-ID: <"yeyXZ2.0.MW3.xyF0w"@mx1>
- Resent-Sender: outages-list-request@eskimo.com
- Prev by Date: Eskimo
- Next by Date: WWW & WWW2 down
- Prev by thread: WWW & WWW2 down
- Next by thread: RE: stale mail (fwd) [T20001028017R]
- Index(es):
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
WWW reboot, SSL certificate updated
Rebooted WWW just now when I noticed a couple Apache panics and no response
on the console. May have been a few minutes late in catching it. Sorry.
The SSL certificate we used on our commerce server had expired in late
October, and while we were getting the original resigned for another year
by the authority that signed the previous certificate, I got another setup
under OpenSSL -- so we used that one late last night and most of today.
We did get the newly-signed certificate for commerce, so I reverted that
server back to the one we previsouly used (which now expires Nov 14 2001).
We do want to get this going and to be able to sign certificates ourselves
as well however, for a couple main reasons:
The commerce server itself is flaking out occasionally (reference the
previous outage about needing to swap the power supply, etc). We'll
want to add SSL capability to the other main servers (www and www2) to
help reduce any possibility of that being down for the count for
extended periods.
Also, we'd like to be able to offer signed certificates for domains we
host here, to offer SSL capability to virtual domains without needing
the kludge of it only being available as 'commerce.eskimo.com'. Looks
more professional for the domains that want that capability to have it
under their own name as well, plus it's been requested that way from
time to time.
This will take a bit more research to find the method of getting on the
list of "Signers" in browser settings for newer releases, but older
browsers would still need to "approve" it on the first visit, just as they
did when the current list of signers was new, or when they eventually
expire and another gets put up in their place.
In short, commerce is back up with the original certificate now, re-signed
by the original authorities for another year.
~ Eric
--
Eric T. Jorgensen Reality's a Rorschach test, -o)
Eskimo North Support Staff And all the world's a blot. /\
206-812-0051, 800-246-6874 "Semper Tux" (Always Linux) _\_\