Eskimo North


          [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

          WWW reboot, SSL certificate updated


          • To: outages-list@eskimo.com
          • Subject: WWW reboot, SSL certificate updated
          • From: "Eric T. Jorgensen" <ericj@eskimo.com>
          • Date: Wed, 1 Nov 2000 21:44:25 -0800 (PST)
          • Resent-Date: Wed, 1 Nov 2000 21:44:28 -0800
          • Resent-From: outages-list@eskimo.com
          • Resent-Message-ID: <"yeyXZ2.0.MW3.xyF0w"@mx1>
          • Resent-Sender: outages-list-request@eskimo.com

          
          
          Rebooted WWW just now when I noticed a couple Apache panics and no response
          on the console.  May have been a few minutes late in catching it.  Sorry.
          
          
          The SSL certificate we used on our commerce server had expired in late
          October, and while we were getting the original resigned for another year
          by the authority that signed the previous certificate, I got another setup
          under OpenSSL -- so we used that one late last night and most of today.
          
          We did get the newly-signed certificate for commerce, so I reverted that
          server back to the one we previsouly used (which now expires Nov 14 2001).
          We do want to get this going and to be able to sign certificates ourselves
          as well however, for a couple main reasons: 
          
              The commerce server itself is flaking out occasionally (reference the
              previous outage about needing to swap the power supply, etc).  We'll
              want to add SSL capability to the other main servers (www and www2) to
              help reduce any possibility of that being down for the count for
              extended periods.
          
              Also, we'd like to be able to offer signed certificates for domains we
              host here, to offer SSL capability to virtual domains without needing
              the kludge of it only being available as 'commerce.eskimo.com'.  Looks
              more professional for the domains that want that capability to have it
              under their own name as well, plus it's been requested that way from
              time to time.
          
          This will take a bit more research to find the method of getting on the
          list of "Signers" in browser settings for newer releases, but older
          browsers would still need to "approve" it on the first visit, just as they
          did when the current list of signers was new, or when they eventually
          expire and another gets put up in their place.
          
          In short, commerce is back up with the original certificate now, re-signed
          by the original authorities for another year.
          
          ~ Eric
          
          -- 
          Eric T. Jorgensen		Reality's a Rorschach test,	-o)
          Eskimo North Support Staff	And all the world's a blot.	 /\
          206-812-0051, 800-246-6874	"Semper Tux" (Always Linux)	_\_\
          
          
          

          • Prev by Date: Eskimo
          • Next by Date: WWW & WWW2 down
          • Prev by thread: WWW & WWW2 down
          • Next by thread: RE: stale mail (fwd) [T20001028017R]
          • Index(es):
            • Date
            • Thread