Re[2]: Sooo many problems with Debian mod_ssl !
Thanks for your reply, I'll then get the sources for apache 1.3.3 ;-) But have to disagree with you about the solution you gave for the SSL_BASE variable. Here is the problem: (first, I wiped the test for the EAPI flag, otherwise, I cannot get further ;-) - When I don't set a SSL_BASE variable, I get a 'cannot find SSL installation in /usr/local/ssl'. That is normal. - The program that configure is trying to get is 'ssleay'. In Debian, it is located as file '/usr/bin/ssl/ssleay'. - If I set SSL_BASE to '/usr/bin/ssl', it will not find it, as the line you use to test the presence of the ssleay file is: 'if [ -f "$SSL_BASE/bin/ssleay" ]; then ...' ($SSL_BASE/apps/ssleay is tried too) As you can see, I cannot map /usr/bin/ssl into $SSL_BASE to match the test ! There are two possible modifications to make it work: 1) Create a link in the /usr/bin/ssl directory named 'bin' that is a link to the directory where it is (/usr/bin/ssl/bin will point to /usr/bin/ssl ;-) 2) Modify all the references in libssl.module to allow such mapping (that makes 3 lines modified). I think the easyest is the first solution. It would be cool to write to the debian maintainer of the ssleay package to add such link in his package. BUT: There's the same problem with the include files from ssleay-dev. They are located in a complete different location from the binary part of ssleay ( they are in /usr/include/ssl). The problem is that the same variable is used (BASE_SSL) to point for binary and include files ;-( So if I put '/usr/bin/ssl' in BASE_SSL, it will look in /usr/bin/ssl/include for the include files ;-( I've no solution for this, except modifying the libssl.module file. Thanks, Luc Stepniewski __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Re[2]: Sooo many problems with Debian mod_ssl !
4-Jan-99 17:20 you wrote: Thanks for your reply, I'll then get the sources for apache 1.3.3 ;-) But have to disagree with you about the solution you gave for the SSL_BASE variable. Here is the problem: (first, I wiped the test for the EAPI flag, otherwise, I cannot get further ;-) - When I don't set a SSL_BASE variable, I get a 'cannot find SSL installation in /usr/local/ssl'. That is normal. - The program that configure is trying to get is 'ssleay'. In Debian, it is located as file '/usr/bin/ssl/ssleay'. - If I set SSL_BASE to '/usr/bin/ssl', it will not find it, as the line you use to test the presence of the ssleay file is: 'if [ -f "$SSL_BASE/bin/ssleay" ]; then ...' ($SSL_BASE/apps/ssleay is tried too) As you can see, I cannot map /usr/bin/ssl into $SSL_BASE to match the test ! There are two possible modifications to make it work: 1) Create a link in the /usr/bin/ssl directory named 'bin' that is a link to the directory where it is (/usr/bin/ssl/bin will point to /usr/bin/ssl ;-) 2) Modify all the references in libssl.module to allow such mapping (that makes 3 lines modified). I think the easyest is the first solution. It would be cool to write to the debian maintainer of the ssleay package to add such link in his package. BUT: There's the same problem with the include files from ssleay-dev. They are located in a complete different location from the binary part of ssleay ( they are in /usr/include/ssl). The problem is that the same variable is used (BASE_SSL) to point for binary and include files ;-( So if I put '/usr/bin/ssl' in BASE_SSL, it will look in /usr/bin/ssl/include for the include files ;-( I've no solution for this, except modifying the libssl.module file. "Then you have to use SSL_BASE=SYSTEM as it's documented in the INSTALL file." Something not clear ? With SSL_BASE=SYSTEM ssleay command will be searched via PATH variable, /usr/include, /usr/include/ssl, /usr/local/include and /usr/local/include/ssl will be scanned for ssl.h and /lib, /usr/lib and /usr/local/lib will be scanned for libssl.a or libssl.so ... __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RPMs available?
Are there anywhere RPMs with at least Apache 1.3.9, mod_ssl 2.4.x and mod_perl (and perhaps mod_php3*)? Tim -- Tim Niemueller [EMAIL PROTECTED] www.niemueller.de -- PGP-ID and Fingerprint Get on Homepage! (RSA 0x727B2BB7) 4244 5CBB 67CC 7DC4 71B2 6EB7 149F 2585 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Verisign Global Server certificate and SSLCertificateChainFile
Hi! I have a problem using a Global Server certificate from Versisign in conjunction with Apache (Apache 1.3.9, modssl 2.4.8, openssl 0.9.4). I applied for a Global Server certificate based on the Stronghold server as it was recommended on this mailing list. I got that certificate and was able to add it so that is is used when users load pages from the web server. Unfortunately, the browsers still don't recognize the CA. That's ok, because the intermediate certificate ist not yet configured. My problem is what do I have to do with this intermediate certificate? Pointing with SSLCertificateChainFile to a file containing the intermediate certificate results in an error message (Failed to configure CA certificate chain). I tried to add the whole ca-bundle.crt file to that file, but it didn't help. Any help? Tim
Re: RPMs available?
On Sat, Nov 06, 1999, Tim Niemueller wrote: Are there anywhere RPMs with at least Apache 1.3.9, mod_ssl 2.4.x and mod_perl (and perhaps mod_php3*)? http://www.modssl.org/contrib/ !? Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Verisign Global Server certificate and SSLCertificateChainFile
On Fri, Nov 05, 1999, [EMAIL PROTECTED] wrote: I have a problem using a Global Server certificate from Versisign in conjunction with Apache (Apache 1.3.9, modssl 2.4.8, openssl 0.9.4). I applied for a Global Server certificate based on the Stronghold server as it was recommended on this mailing list. I got that certificate and was able to add it so that is is used when users load pages from the web server. Unfortunately, the browsers still don't recognize the CA. That's ok, because the intermediate certificate ist not yet configured. My problem is what do I have to do with this intermediate certificate? Pointing with SSLCertificateChainFile to a file containing the intermediate certificate results in an error message (Failed to configure CA certificate chain). I tried to add the whole ca-bundle.crt file to that file, but it didn't help. Pointing SSLCertificateChainFile to the intermediate CA file is correct. If you get an error I guess the CA file is not in PEM format or something else is messed up. Use "openssl x509 -noout -text -in file" to make sure OpenSSL can read the CA file. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: RPMs available?
Tim Niemueller wrote: Are there anywhere RPMs with at least Apache 1.3.9, mod_ssl 2.4.x and mod_perl (and perhaps mod_php3*)? Check http://www.modssl.org/contrib/ - usually there is an rpm with the latest and greatest version a couple of hours after new releases of mod_ssl. -- vh. Mads Toftum,QDPH __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
CA and server certs
Dear list readers - I have followed the instructions for generating my own CA and server certificate, and signed the server.csr creating the server.crt and put both the server.crt and server.key in /etc/httpd/conf/ and checked the httpd.conf.ssl file to make sure the server was pointing to these files in the corect location. And stopped and restarted the webserver. Now when i go to connect to it via an https request i get the following error: "The server's certificate has an invalid signature. You will not be able to connect to this site securely." I comared the pub and priv keys using the commands from the FAQ and have verified, i believe, that they do indeed match. Any ideas on how to correct this problem? Any help/advice would be GREATLY appreciated. -- Michael B. Weiner Systems Administrator/Partner The UserFriendly Network (UFN) -- / / (_)__ __ __ / /__/ / _ \/ // /\ \/ / //_/_//_/\_,_/ /_/\_\ * * * CHOICE OF A GNU GENERATION * * * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Success with FrontPage ?
Hi, please have anybody compiled Apache 1.3.9 with mod_ssl + mod_php3.12 + mod_perl + mod_frontpage 4 under RedHat 5.2 or 6.x ??? Can you please send me spec`s and coment ?? many thanx Martin Kuchar __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
CA and certs
Dear list readers: I found what i believe to be the problem that i am having. When i go to sign the server.csr, i get the following error after committing: error 7 at 0 depth lookup:certificate signature failure And that is why i am getting the signature error in apache trying to connect to the https. Any ideas? -- Michael B. Weiner Systems Administrator/Partner The UserFriendly Network (UFN) -- / / (_)__ __ __ / /__/ / _ \/ // /\ \/ / //_/_//_/\_,_/ /_/\_\ * * * CHOICE OF A GNU GENERATION * * * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
