SSL problems
grinapo edited this page Oct 12, 2011 · 3 revisions
work in progress
- **Do not try to use self-signed certificates!**
- SSL setup requires a globally verifiable certificate; a self-signed one won't do.
- `application.yml` contains most of the setup.
- `pod_url` should contain `https://` and the proper PODURL address.
- Set up proper proxying in the webserver (forward tcp/443 to localhost:3000).
- `ca_file` should be able to verify your cert:
  - `openssl verify -CApath /dev/null -CAfile ca-certificates.crt yourpod.crt`
  - This should give you `OK`.
- If you use `socket_secure`, then `socket_cert_chain_location` should verify your cert and contain the cert for your key.
Your `public/webfinger` directory should be empty. The files are generated on the fly if there is no matching file there; if there is one, it will be used instead.

Check your webfinger by retrieving `PODURL/.well-known/host-meta`; it should point to the proper `https://PODURL`.

Check the hcard in the response file; it should point to `https://PODURL`.
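
The host-meta check above can be scripted. The following is an added example, not code from the Diaspora project: it extracts every `Link` target from a host-meta document and fails unless all of them sit under `https://PODURL/`. The host `pod.example.org`, the function names and both sample documents are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the Diaspora project): verify that every Link
# target in a host-meta document lives under https://POD_HOST/.
# pod.example.org and both sample documents are constructed placeholders.

# Print each template/href value found in <Link> elements, one per line.
link_targets() {
    tr '\n' ' ' | grep -o '<Link[^>]*>' \
        | grep -oE "(template|href)=(\"[^\"]*\"|'[^']*')" \
        | sed -E 's/^(template|href)=.//; s/.$//'
}

# check_host_meta POD_HOST < host-meta
# Returns 0 only if at least one target exists and all of them start with
# https://POD_HOST/; otherwise reports the problem on stderr and returns 1.
check_host_meta() {
    pod_host=$1
    targets=$(link_targets || true)
    if [ -z "$targets" ]; then
        echo "no Link targets found" >&2
        return 1
    fi
    bad=$(printf '%s\n' "$targets" | while IFS= read -r t; do
        case $t in
            "https://$pod_host/"*) ;;          # correct scheme and host
            *) printf '%s\n' "$t" ;;           # http://, localhost:3000, ...
        esac
    done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/bad link target: /' >&2
    return 1
}

# Constructed sample: what a correctly configured pod should serve.
sample_good() {
    cat <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Link rel="lrdd" type="application/xrd+xml"
        template="https://pod.example.org/webfinger?q={uri}"/>
</XRD>
EOF
}

# Constructed sample: pod_url left at http://, so the link is not https.
sample_http() { sample_good | sed 's#https://pod#http://pod#'; }

sample_good | check_host_meta pod.example.org && echo "good sample: OK"
sample_http | check_host_meta pod.example.org || echo "http sample: rejected"
```

Against a live pod, pipe the output of `curl -fsS https://PODURL/.well-known/host-meta` into `check_host_meta PODURL`.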