Becoming an RP with the Pamela Project (pt. 2)

Okay. So when I last posted I was waiting for my SSL cert to get installed and I left to enjoy the rest of the day with my wife and daughter. Good choice, as there were still a fair number of obstacles ahead of me. When I returned from my walk, the superstars at Bluehost had emailed me with the good news that my SSL cert had been installed. This was VERY good news, as installing an SSL certificate is NOT something to be done by mere mortals (see Mike’s post here–and HE’S not even MORTAL!)

Having my brand new certificate installed, I was anxious to take it out for a spin. I went to the SSL manager in my Bluehost control panel, and low and behold, they were NOT lying… there was my certificate. I clicked on the link to view my private key. This is what I saw in my Bluehost panel (I’ve change two characters in the image below so it’s STILL private!):

picture-6.png

And this is what the fields I need to copy SOMETHING into look like in the Plugin options:

picture-7.png

Okay… three fields need to be filled in. I guessed the secure site URL was just “https://drstarcat.com”, and when I clicked saved, the plugin gave me a green arrow next to the URL so I was on the right track. Now the tough part… what part of the above information about my SSL certificate is the Private Key? I’d installed these things before, but I couldn’t remember. It DEFINITELY seemed like the information in the top box, but what piece of it? Do I include the “—–BEGIN RSA PRIVATE KEY—–” part or just the stuff between it and the “—–END RSA PRIVATE KEY—–“? I tried BOTH of course and I STILL couldn’t get that last red “X” to turn into a green check mark.

I then begin to fixate on the “SSL Passphrase” piece. Do I have one of those? And if so, where is it? I write back to Bluehost. They reply almost immediately (Nice!). I DO have a pass phrase, but they hadn’t told me this. Now with my pass phrase in hand I am SURE I am nearing success. I try the pass phrase with just the stuff between the begin and end statements. No green arrow. I try it with the begin and end statement included–STILL no green arrow. NOW I’m in that very bad place where I have three variables, none of which I’m sure about, and no combination that seems to work. What do I do?–the manly thing of course. I write Pamela and ask her for help (yes, I was whining in the email).

I wait for a couple of hours for Pamela to respond. Given the fact, however, that this is NOT her job, she does not respond to me like my new pals at Bluehost. I start to tinker again. As I mess around I notice that my SSL certificate is ACTUALLY for “www.drstarcat.com”, not “drstarcat.com”. Now I had already tried switching the URL field to “https://www.drstarcat.com”, but I still hadn’t gotten the green arrow. Regardless, I was sure this would be a problem in the future, so I went ahead and wrote Bluehost to tell them to give me a new one with just “drstarcat.com”. They tell me that they stopped issuing certs for the base URL because “Cpanel would randomly uninstall the SSL”. I tell them I’ll take my chances and to get me the new one.

Two hours later (and just a little while ago), I’m done with dinner and I stumble back over here to my computer to see what new information I might have. Still no Pamela, Mike’s enjoying my pain, BUT the guys at Bluehost have given me the new cert. I’m pretty skeptical that it’s going to work, but since I don’t have anything better to try, I begin trying all the possible combinations in the three fields, and BAMN, like a sore-luck loser in Vegas who finally sees lucky 7s across the slot machine window, I get it… SIX green arrows! The winning combination:

Secure Site URL: https://drstarcat.com

SSL Private Key: Include the “Begin” and “End” statements

SSL Pass phrase: Required (at least for me).

picture-8.png

Nice… my wife appreciates how I have to prove that I actually got it to work with an image. Too bad! I EARNED those six green arrows! Now the funny part is that I still don’t know what to do with my now functioning iCard enabled blog. I don’t require people to sign in to post (in fact, I can’t figure out HOW to require people to sign in, even for fun!). Regardless, if you’d like to sign into my blog using your iCard, you now can at this link. I’ll make sure that I learn how to require signing in to comment on my MOST important posts and enable LOTS of other really cool exclusive stuff for people who can figure out how to use an iCard, so I’m SURE it will be worth your while.

So what’s the final word on the Pamela Project? Well, clearly, I don’t have it, as this project (along with the rest of the Identity space) is JUST beginning in spite of how much work has already gone into it. Obviously any sane person isn’t going to go through what I did, but I also found out in my struggles that Pamela is about to release a version of the plugin that does NOT require SSL (talk about timing!) So really if you think about it, with just a little better instruction (put the dumb dumb download up front, and show exactly what needs to go into each blank), I probably could have installed the plugin (without SSL) in about 5 minutes (instead of 7 hours). If EVERY website in the world could become a relying party in 5 minutes, and that meant NO one EVER had to enter a password again… well, I’ll leave the math to you, but I think they might just be onto something.

Be Sociable, Share!
  • Mike Jones

    This comment left with my Information Card. Congratulations Ryan!

    — Mike

    http://self-issued.info/

  • http://aqualung.typepad.com/aqualung Ric Hayman

    Likewise – using the Higgins card selector via Firefix extension … nice work!

  • http://aqualung.typepad.com/aqualung Ric Hayman

    (that would be “Firefox” of course :’D)

  • https://eternaloptimist.wordpress.com Pamela Dingle

    Wow, this is a very graphic illustration of what 5 minutes of developer thought can mean to an installer.

    I of course hate the fact that I was the developer to cause you such pain :( My apologies!

    I will take your suggestions to heart and make sure to put up an example screenshot in the short term, and point-by-point help screens in the long term.

  • David S. Rose

    OK, I’m here! Where’s the goodie bag?? (Using Ian Brown’s card selector plugin for Safari, which was really quite painless to install.)

    Under the heading of ‘the world is a really weird place, and synchronicity is everywhere’, his site is hccp.org. Guess who has hccp.net?

    So, oh guru, what is your current best estimate of when all this identity stuff will hit the mainstream enough so that it would make sense for a typical site, like, say, Angelsoft, to use it?

  • http://drstarcat.com drstarcat

    It’s going to take a while, but it’s coming!

  • David S. Rose

    OK, I'm here! Where's the goodie bag?? (Using Ian Brown's card selector plugin for Safari, which was really quite painless to install.)

    Under the heading of 'the world is a really weird place, and synchronicity is everywhere', his site is hccp.org. Guess who has hccp.net?

    So, oh guru, what is your current best estimate of when all this identity stuff will hit the mainstream enough so that it would make sense for a typical site, like, say, Angelsoft, to use it?