spaces.internet2.edu has been upgraded to Confluence 6.5.0. If you have any questions and/or concerns, please contact us at websupport@internet2.edu
Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

Be wary of using a browser to test your server configuration. Some browsers (such as Firefox) will store intermediate CA certificates received from a server in the browser's certificate store, so unless you're careful, you may be tricked into believing your server is configured correctly when in fact it's not. To avoid this pitfall, use openssl to definitively test your server configuration:

{pre}openssl
Wiki Markup
Pre

openssl s_client

-connect

server:port

-CApath

/etc/ssl/certs/

{pre}

If the client machine does not have an /etc/ssl/certs/ directory, download the AddTrust External CA Root certificate, and try the following command instead:

{pre}openssl
Wiki Markup
Pre

openssl s_client

-connect

server:port

-CAfile

AddTrustExternalCARoot.crt

{pre}

In either case, if certificate validation succeeds, you know your server is configured correctly. Let's try a specific example:

...