Fun with server name indication

Marc
2 December 2013, 19:32
I'm a little puzzled by how to interpret the docs for this. Excerpts from the config file:
Binding {
    Port = 80
    TimeForRequest = 5, 5
    MaxRequestSize = 8
}

Binding {
    Port = 443
    TimeForRequest = 5, 15
    MaxRequestSize = 8
    SSLcertFile = clique4.us.pem
}

VirtualHost {
    Hostname = clique4.us
    RequireSSL = yes
    WebsiteRoot = /var/www/clique4.us
    StartFile = index.html
    AccessLogfile = /var/log/hiawatha/access-clique4.us.log
    ErrorLogfile = /var/log/hiawatha/error-clique4.us.log
    ExecuteCGI = no
}

My .pem file contains, in this order:

- host's private key
- domain certificate
- intermediate certificate
- root certificate

The above configuration works and I get the benefit of SSL, but I am having trouble breaking off the virtual host. If I try to "split" the .pem into global and host-specific parts, I get the error (Hiawatha does not start):

Error loading X.509 certificates (-0x2180): X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected

If I put an entire .pem in the virtual host section, Hiawatha starts, but clients crash. The message says that an SSL response was too long.

Any thoughts? Thank you!

Marc

Hiawatha version: v9.3, cache, IPv6, reverse proxy, SSL (1.3.2), URL toolkit, XSLT
Operating System: Ubuntu 12.04.2 LTS
Marc
3 December 2013, 00:23
For whatever reason, I have this working now (so far). I've pointed to the same .pem file from both locations. I tried this earlier, but I am trying it more successfully here. Presumably I can buy some more certificates and have quite an evening.
Hugo Leisink
3 December 2013, 09:27
Each .pem file should contain at least the private key and the associated certificate. Any intermediate and root certificates should be added in the order you specified. So, your .pem file looks correct.

Sorry for my poor English, but what do you mean by "breaking off the virtual host"?

You stated that your client crashes. What client are you talking about? And by crash, do you mean that the program stops running or even disappears?
This topic has been closed.
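
The .pem layout discussed in this thread (private key first, then the domain certificate, then any intermediate and root certificates) can be checked before a file is referenced from a Binding or VirtualHost section. The following is an added example, not code from the thread or from Hiawatha: it inspects PEM block types and order only and does not verify signatures or that the key matches the certificate. The function names and the sample blocks are constructed for illustration.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def _block(label, der=b"\x30\x03\x02\x01\x00"):
    """Build a constructed placeholder PEM block (not a real key or certificate)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def pem_blocks(text):
    """Return (label, der_bytes_or_None) for every PEM block, in file order."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            der = None  # damaged base64, e.g. a block cut while splitting a file
        blocks.append((label, der))
    return blocks

def check_bundle(text):
    """Return a list of layout problems; an empty list means key first, then certs."""
    blocks = pem_blocks(text)
    labels = [label for label, _ in blocks]
    problems = []
    if not labels or labels[0] not in KEY_LABELS:
        problems.append("first block is not a private key")
    if sum(label in KEY_LABELS for label in labels) > 1:
        problems.append("more than one private key")
    if "CERTIFICATE" not in labels:
        problems.append("no certificate accompanies the key")
    for i, (label, der) in enumerate(blocks, 1):
        if label not in KEY_LABELS and label != "CERTIFICATE":
            problems.append(f"block {i}: unexpected type {label!r}")
        elif der is None or not der.startswith(b"\x30"):
            # Keys and certificates are both DER SEQUENCEs (tag 0x30).
            problems.append(f"block {i}: body is not base64-encoded DER")
    return problems

# Constructed samples: a complete bundle and the two halves of a "split" file.
FULL = _block("PRIVATE KEY") + _block("CERTIFICATE") * 3
KEY_ONLY = _block("PRIVATE KEY")
CERTS_ONLY = _block("CERTIFICATE") * 2
```

Run `check_bundle(open(path).read())` on each file named by an `SSLcertFile` line; any returned problem means the file does not hold a key plus its certificate in the order described above.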