Krydos

Chief Executive Officer
Everything posted by Krydos

  1. No problem. I volunteer my time to HelioHost because I find it fun, and I especially like challenges that I've never done before. You're the first to try to do this in the seven years I've been volunteering.
  2. I created the two users for you, and their passwords and .p12 files are in the same place as the first certificate. I tested all the certificates to make sure they work with this page which you might find useful: https://cezih-net.heliohost.org/auth.php
  3. I ran this all on Ubuntu. It should be similar on all distros though. Maybe some different paths. I ran all the following commands as root.

     Edit your openssl configuration:

         # vim /etc/ssl/openssl.cnf

     (scroll down to)

         [ ca ]
         default_ca      = CA_default            # The default ca section

         [ CA_default ]

         dir             = /etc/ssl/private      # Where everything is kept
         certs           = $dir/certs            # Where the issued certs are kept
         crl_dir         = $dir/crl              # Where the issued crl are kept
         database        = $dir/index.txt        # database index file.
         #unique_subject = no                    # Set to 'no' to allow creation of
                                                 # several certificates with same subject.
         new_certs_dir   = $dir                  # default place for new certs.

         certificate     = $dir/ca.crt           # The CA certificate
         serial          = $dir/serial           # The current serial number
         crlnumber       = $dir/crlnumber        # the current crl number
                                                 # must be commented out to leave a V1 CRL
         crl             = $dir/crl.pem          # The current CRL
         private_key     = $dir/ca.key           # The private key
         RANDFILE        = $dir/private/.rand    # private random number file

         x509_extensions = usr_cert              # The extensions to add to the cert

         # Comment out the following two lines for the "traditional"
         # (and highly broken) format.
         name_opt        = ca_default            # Subject Name options
         cert_opt        = ca_default            # Certificate field options

         # Extension copying option: use with caution.
         # copy_extensions = copy

         # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
         # so this is commented out by default to leave a V1 CRL.
         # crlnumber must also be commented out to leave a V1 CRL.
         # crl_extensions = crl_ext

         default_days    = 365                   # how long to certify for
         default_crl_days= 30                    # how long before next CRL
         default_md      = md5                   # use public key default MD
         preserve        = no                    # keep passed DN ordering

         # A few different ways of specifying how similar the request should look
         # For type CA, the listed attributes must be the same, and the optional
         # and supplied fields are just that :-)
         policy          = policy_match

         # For the CA policy
         [ policy_match ]
         countryName             = match
         stateOrProvinceName     = match
         organizationName        = match
         organizationalUnitName  = match
         commonName              = supplied
         emailAddress            = optional

     Create your ca script:

         # echo '#!/bin/bash' > ca
         # chmod 700 ca
         # vim ca

         #!/bin/bash
         echo 11 > /etc/ssl/private/crlnumber
         echo 1111 > /etc/ssl/private/serial
         openssl genrsa -out /etc/ssl/private/ca.key
         openssl req -new -key /etc/ssl/private/ca.key -out /etc/ssl/private/ca.csr
         openssl x509 -req -days 3650 -in /etc/ssl/private/ca.csr -signkey /etc/ssl/private/ca.key -out /etc/ssl/private/ca.crt
         touch /etc/ssl/private/index.txt
         openssl ca -gencrl -out /etc/ssl/private/ca.crl -crldays 7
         cp /etc/ssl/private/ca.crt .

     Create your user script:

         # echo '#!/bin/bash' > user
         # chmod 700 user
         # vim user

         #!/bin/bash
         # Require a username argument
         if [ ${#1} -eq 0 ]; then
             echo "Usage: ./user <username>"
             exit
         fi
         base="/etc/ssl/private"
         mkdir -p "$base/users/$1/"
         # Key, CSR, CA-signed certificate, then a .p12 bundle for the browser
         openssl genrsa -des3 -out "$base/users/$1/$1.key" 1024
         openssl req -new -key "$base/users/$1/$1.key" -out "$base/users/$1/$1.csr"
         openssl ca -in "$base/users/$1/$1.csr" -cert "$base/ca.crt" -keyfile "$base/ca.key" -out "$base/users/$1/$1.crt"
         openssl pkcs12 -export -clcerts -in "$base/users/$1/$1.crt" -inkey "$base/users/$1/$1.key" -out "$base/users/$1/$1.p12"
         cp "/etc/ssl/private/users/$1/$1.p12" .

     Run ./ca first and fill in the questions to create your ca.crt file. If everything works this file will be copied to where you're running the ca script from. This file gets uploaded to /home/cezihred/ssl/ca.crt

     Next run ./user and fill in the questions to create your user.p12 file. If everything works this file will be copied to where you're running the user script from. This user.p12 file gets installed in your client browser.

     If you mess up somehow, or want to start over entirely, I wrote this script to clean things up and start over from scratch. WARNING: This deletes your CA and all of your users:

         # echo '#!/bin/bash' > reset
         # chmod 700 reset
         # vim reset

         # Stop if the directory is missing so rm never runs somewhere else
         cd /etc/ssl/private || exit 1
         rm -rf users
         rm -f *

     Like I said, it's pretty complicated so I really don't mind generating the certificates for you if you need.
  4. Um, sure. It's a bit complicated so I don't mind generating your certificates for you.
  5. Sent.
  6. Ok, I sent you the .p12 file and the password to use it. Download the .p12 file to your computer. If you use Chrome, open Settings >> Manage certificates >> Import, navigate to the .p12 file and open it. It will ask for the password that I sent you. Once that's installed go to http://cezih-net.heliohost.org/ and it should pop up the dialog box asking which certificate to use to authenticate. Then from there you can use PHP $_SERVER variables, etc. to build a secure system.
  7. Each account must have a unique email address. Since the address associated with the PayPal donation is already in use, where would you like the invitation sent? To your friend's email? You can PM me the email address if you want. Just make sure you let me know in this thread that you sent it, otherwise I'll never remember to check it.
  8. I got it! Check out https://krydos.heliohost.org/auth/ I think I can set it up for you too. PM me the following please:

         Country Name (2 letter code) [AU]:
         State or Province Name (full name) [Some-State]:
         Locality Name (eg, city) []:
         Organization Name (eg, company) [Internet Widgits Pty Ltd]:
         Organizational Unit Name (eg, section) []:
         Common Name (e.g. server FQDN or YOUR name) []:
         Email Address []:

     Post on this thread after you PM me, because I never remember to check my PMs.
  9. Since there is an active Tommy account with the email address of that PayPal transaction I'm going to assume this is solved.
  10. Can you create a PayPal or Skrill account and attach your debit card to that?
  11. We support VISA, MasterCard, Discover, and American Express.
  12. You get that error because .htaccess is not a valid context for the directive SSLCACertificateFile: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile
  13. I messed around with this a little, but I haven't been able to get it to work yet. I think it might be possible though. The issue that we're probably running into is the server sends the message "Do you have a client certificate? These are the CAs that I consider valid." and the browser goes, "Ummm nope, none of my certificates are signed by a CA that is on that list." So your browser doesn't prompt you, and doesn't send a certificate, and those $_SERVER variables don't get set. I'll fiddle with it some more later.
  14. Deployed. http://gagrwl.heliohost.org/web/
  15. Since the title is "2nd account" I suspect that you're worried about getting suspended for having more than one account. To be more specific that rule is that you can only have one active account so you're fine.
  16. You have /home/saikosns/public_html/.htaccess that has

         RewriteEngine On
         RewriteBase /
         RewriteRule ^(media/.*)$ - [L]
         RewriteRule ^(admin_media/.*)$ - [L]
         RewriteRule ^(ComicPub/dispatch\.wsgi/.*)$ - [L]
         RewriteRule ^(.*)$ ComicPub/dispatch.wsgi/$1 [QSA,PT,L]

     What that basically means is anything that isn't /media/ or /admin_media/ gets processed through dispatch.wsgi. Since you don't have a rule for /static/ it's not going to be able to access those files and gives a 404. Add this line after admin_media/

         RewriteRule ^(static/.*)$ - [L]
  17. You're only allowed to run 2 cron jobs per day. If you exceed 2 then all of your cron commands will be deleted, and you run the risk of getting your account suspended. If you need to run cron more than twice a day let us know and we can help you set up an external cron. There is no such thing as resetting your jobs.
  18. Tommy supports System.Core if that's what you're looking for. ASP.NET has been installed on your account. (Not that it's going to do any good since you don't have any domains hosted with us...)
  19. Please clear your cache.
  20. How did you create or where did you get your client certificate from in your browser?
  21. Deployed. http://gagrwl.heliohost.org/web/
  22. Java is now installed on barcodenetbar.com as well http://barcodenetbar.com/test.jsp
  23. Deployed. http://ddushan1.heliohost.org/Server/
  24. Java is only enabled on your main domain unless specified otherwise.
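
The CA setup in post 3 above signs with default_md = md5, creates the CA key without an explicit size and creates 1024-bit user keys. As an added example (not code from Krydos or HelioHost), this Python check parses openssl.cnf-style text plus the scripts and flags those settings. The sample text is constructed from lines in that post; the digest list and the 2048-bit minimum are assumptions of this example.

```python
import re

WEAK_DIGESTS = {"md2", "md4", "md5", "sha1"}  # assumption: digests to reject
MIN_RSA_BITS = 2048                           # assumption: minimum RSA key size

# Constructed sample: security-relevant lines taken from the post above.
SAMPLE_CNF = """\
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
default_md = md5 # use public key default MD
# copy_extensions = copy
"""
SAMPLE_SCRIPT = """\
openssl genrsa -out /etc/ssl/private/ca.key
openssl genrsa -des3 -out $base/users/$1/$1.key 1024
"""

def parse_cnf(text):
    """Parse openssl.cnf-style text into {section: {key: value}}."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if m:
            current = m.group(1)
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections.setdefault(current, {})[key] = value
    return sections

def audit(cnf_text, script_text):
    findings, cnf = [], parse_cnf(cnf_text)
    # Follow [ ca ] default_ca to the section that "openssl ca" actually uses.
    ca = cnf.get(cnf.get("ca", {}).get("default_ca", "CA_default"), {})
    if ca.get("default_md", "").lower() in WEAK_DIGESTS:
        findings.append(f"default_md = {ca['default_md']}: weak signature digest")
    if ca.get("copy_extensions") == "copy":
        findings.append("copy_extensions = copy: CSR extensions copied unchecked")
    for cmd in script_text.splitlines():
        if "genrsa" not in cmd:
            continue
        bits = re.search(r"\s(\d+)\s*$", cmd)  # key size is the last argument
        if bits is None:
            findings.append(f"no explicit key size: {cmd.strip()}")
        elif int(bits.group(1)) < MIN_RSA_BITS:
            findings.append(f"{bits.group(1)}-bit RSA key: {cmd.strip()}")
    return findings
```

Calling audit(SAMPLE_CNF, SAMPLE_SCRIPT) returns three findings; with default_md set to sha256 and an explicit key size of 2048 bits or more it returns an empty list.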