[Zope] Problems with ZopeSSL
Rob Thorne
rob@torenware.com
Tue, 29 Apr 2003 11:37:45 -0700
Mark,

It's hard to tell from the log messages, but based upon the fact that
the browser seems to be quitting on your server, there's one thing you
might want to try.

I assume that you're using a self-signed certificate. Many browsers
(and some command line utilities) don't behave well if they do not
recognize the certificate authority (CA) that generated the server
certificate. When you are generating your own certificates, unless the
browser is set up to handle unknown authorities, this is a common problem.

I have better luck when I create my own certificate authority, and then
*sign* my own server certificates with it. This is not hard; see the
O'Reilly book on OpenSSL for info.

The certificate authority's public key can be posted somewhere that your
users can see it (say, in the root of your document tree for your web
server). If your doc tree is /u/www/htdocs/, you can put the public
key of the CA into the file ca.crt, and tell your users to browse to:

http://your_domain_name/ca.crt

Most browsers will recognize ca.crt as a certificate, and will put up a
set of dialogs to help the user import the certificate into the
browser's database. Once this happens, they will browse HTTPS pages
from your server without complaint, and are more likely to work correctly.

I'm not sure how best to do this using Zope's ZServer, since I use
Apache for my Zope SSL pages, on a Linux box. But I'd guess it would
work on a Windows host as well.

Regards,
Rob

Mark Wheaton wrote:
> Hi,
> I am running Zope 2.6.1 on Windows XP Pro. I am trying to get an
> SSL server running using the m2crypto stuff, following the
> instructions here:
>
> http://www.zope.org/Members/Ioan/ZopeSSL
>
> I have got it to a point where the SSL server starts up OK, and the
> web browser can connect and do the initial key/certificate negotiation
> (as shown by browser popups complaining about the cert being out of date)
>
> The problem is that no content is visible in either the root or under
> /manage, and the console has the following error messages. I've tried
> it with both Mozilla and IE and the same thing happens with both
> browsers.
>
> Anyone got any idea what's going on?
>
> Thanks in advance,
>
> Mark
>
>
> ---
> 2003-04-29T13:26:45 INFO(0) ZServer recv: closing channel
> <ZServer.HTTPS_Server.
> zhttps_channel connected 127.0.0.1:2412 at 0xae26ac channel#: 0
> requests:> unexpected eof
> ------
> 2003-04-29T13:27:10 INFO(0) ZServer recv: closing channel
> <ZServer.HTTPS_Server.
> zhttps_channel connected 127.0.0.1:2413 at 0xae26ac channel#: 1
> requests:> (0, 'Error')
> ---
>
--
Rob Thorne
Torenware Networks
WWW: http://www.torenware.com
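
The private-CA approach described in the reply above, sketched with the openssl command line. This is an added example, not part of the original message; the host name, subject names and every file name other than ca.crt are assumptions. Only ca.crt is published to users, while ca.key stays off the web server. Because ca.crt is fetched over plain HTTP, the fingerprint function gives users a value to compare through another channel before importing it.

```shell
#!/bin/sh
# Added example: private CA plus a CA-signed server certificate (openssl CLI).
# Host name, subject names and file names other than ca.crt are assumptions.

# make_ca DIR: create the CA private key and the self-signed CA certificate.
# ca.crt is what users import; ca.key must never be placed in the doc tree.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/O=Example Private CA/CN=Example Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    chmod 600 "$1/ca.key"
}

# make_server_cert DIR HOST: generate the server key and a signing request,
# then have the CA sign it. The subjectAltName carries the host name that
# current browsers check; CA:FALSE keeps the server cert from signing others.
make_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
        "$2" > "$1/server.ext"
    openssl x509 -req -in "$1/server.csr" -sha256 -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/server.ext" -out "$1/server.crt" 2>/dev/null
}

# verify_server_cert CAFILE CERT: succeeds only if CERT chains to CAFILE.
verify_server_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# ca_fingerprint CAFILE: SHA-256 fingerprint of the CA certificate, for users
# to compare out of band before they import ca.crt into the browser.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Usage (constructed host name):
#   d=$(mktemp -d) && make_ca "$d" && make_server_cert "$d" www.example.test
#   verify_server_cert "$d/ca.crt" "$d/server.crt" && ca_fingerprint "$d/ca.crt"
```
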