Tuesday, March 20, 2012

SSL certificates and my web host provider

The past few days have proven quite difficult - unexpectedly and disappointingly so. Here's the general gist of what's been happening.

I decided that rather than write a full front-end web interface for OttoJotts that I would be sneaky and do it for Facebook, creating a back-end for beta testing. This would give me a leg up on the FB version of the game and would still let me write most of the code needed for things without doing web development directly (I would be able to leverage some of my other efforts to help). I kept getting a failure from FB, though, and found out that it was likely based on secure browsing and a lack of SSL support from my game.
So I went online, found a cheap solution from NetworkSolutions ($12.99/yr for an SSL certificate - that's a good deal) and bought one for my FB subdomain. Installing it has been quite the exercise in frustration, though. For some reason, adding OpenSSL to the Apache service is simple. I just had to click on something, fill out a form, and bam! Installed. The certificates, though, are a different beast.
First, none of the documentation I've found matches my configuration. I've been searching for, literally, days trying to find out what arcane incantation I'm missing to make this thing work. There are two separate configuration files - httpd.conf and ssl.conf. In different directories. Which one do I edit? What changes do I need to make to them? The information online seems scattered and confused - and doesn't match the configuration I have.
I've submitted a ticket with my hosting company to enlist their help, but some of the documentation now has me concerned that I won't be able to add a separate SSL certificate for my main site (the WWW one) and one for my subdomain (the one I'm using for the FB game) because of how OpenSSL is configured. Overall, what I would have expected to be something that should be bog simple (because of the need for secure connections in an increasingly-connected world) has turned out to be the epitome of legacy manual entry. The only thing that would make it worse would be if I had to submit it on Hollerith (punch) cards! As it is, it's fortunate that I know vi as well as I do and can navigate my way around a Linux system.
I will update as things progress but for now I can just say that someone (not me) needs to figure out how to make this a lot simpler than it currently is.