Friday, July 4, 2008

SSL can be so... cryptic

Setting things back up on my server today, and having a puzzling time of it when it comes to my SSL certificates.

I started out by getting my jabber server back up and running and puzzling over why it wouldn't talk to the Google Talk servers. Scrounging around the net a little, I discovered that I needed to have SSL set up on my server to satisfy the peculiar tastes of The Goog.

Except that didn't work, and it took quite a bit more puzzling to determine that it didn't like my self-signed certificate, but substituting it with a certificate that I signed with a self-generated CA key would work. Go fig.

Then, while I was on an SSL kick, I decided to enable https on Apache, so I dutifully cooked up a key and crt, signed it with the CA key I just generated and... Firefox refused to trust it. Not only did it refuse to trust it, but it went so far as to even refuse to let me set an exception, and the errors it gave were utterly vague and generic.

It took me a few more hours of generating keys, searching the net, and screaming at the utterly useless documentation to figure out that I needed to use a self-signed cert instead of one signed by my fake CA.

What a pain in the ass.
